CVE-2017-14159

Name of the Vulnerable Software and Affected Versions OpenLDAP versions 2.4.45 and earlier

Description The issue allows local users to potentially kill arbitrary processes by modifying the PID file after privileges have been dropped to a non-root account. This can be exploited before a root script executes a command to kill a process based on the PID file content, as shown in the openldap-initscript demonstration.

Recommendations For OpenLDAP versions 2.4.45 and earlier, consider restricting access to the PID file to prevent modification by non-root accounts until a fix is available. As a temporary workaround, avoid using scripts that execute "kill cat /pathname" commands based on PID files accessible by non-root accounts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.