CVE-2017-14102

Name of the Vulnerable Software and Affected Versions MIMEDefang versions 2.80 and earlier

Description The issue allows local users to potentially kill arbitrary processes by modifying the PID file, which is created after privileges are dropped to a non-root account. This can be exploited before a root script executes a command to kill a process based on the PID file content.

Recommendations For versions 2.80 and earlier, consider restricting access to the PID file to prevent modification by non-root accounts until a fix is available. As a temporary workaround, consider modifying the init-script.in and mimedefang-init.in scripts to handle PID file access securely.