PT-2022-7850 · Smokeping · Smokeping

Michael Orlitzky · Published 2022-09-20 · Updated 2025-05-29 · CVE-2016-20015

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SmokePing versions through 2.7.3-r1

Description

The initscript in the ebuild package for SmokePing on Gentoo allows the smokeping user to gain ownership of any file, potentially leading to the smokeping user gaining root privileges. This issue involves a race condition related to /var/lib/smokeping and the chown command.

Recommendations

For versions through 2.7.3-r1, consider restricting the privileges of the smokeping user to prevent exploitation of this issue. As a temporary workaround, restrict access to the /var/lib/smokeping directory to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2016-20015

Affected Products

Smokeping