High severity7.8NVD Advisory· Published Sep 25, 2017· Updated May 13, 2026
CVE-2017-14730
CVE-2017-14730
Description
The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link.
Affected products
17cpe:2.3:a:elasticsearch:logstash:5.0.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:elasticsearch:logstash:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:elasticsearch:logstash:5.6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- bugs.gentoo.org/628558nvdThird Party Advisory
- github.com/gentoo/gentoo/pull/5665nvdThird Party Advisory
- gitweb.gentoo.org/repo/gentoo.git/commit/nvdThird Party Advisory
- gitweb.gentoo.org/repo/gentoo.git/commit/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.