CVE-2017-14681

Name of the Vulnerable Software and Affected Versions P3Scan versions 3.0 rc1 and earlier

Description The issue allows local users to potentially kill arbitrary processes by modifying the p3scan.pid file, which is created after the daemon drops privileges to a non-root account. This can be exploited before a root script executes a command to kill a process based on the pid in the p3scan.pid file.

Recommendations For P3Scan versions 3.0 rc1 and earlier, consider restricting access to the p3scan.pid file to prevent unauthorized modifications until a fix is available. Additionally, review scripts that execute commands based on the contents of the p3scan.pid file to ensure they are secure and cannot be manipulated to kill arbitrary processes.