Critical severity 9.8 · NVD Advisory · Published May 28, 2017 · Updated May 13, 2026
CVE-2017-9232
Description
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/juju/juju (Go) | < 0.0.0-20170524231039-0417178a3c28 | 0.0.0-20170524231039-0417178a3c28 |
Affected products
- cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:* (range: <=1.25.12)
- cpe:2.3:a:canonical:juju:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta10:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta11:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta12:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta13:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta14:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta15:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta16:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta17:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta18:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:juju:2.1.2:*:*:*:*:*:*:*
Patches
0417178a3c28 · Security fix for bug 1682411 - create socket path with restricted permissions
1 file changed · +30 −2
juju/sockets/sockets_nix.go+30 −2 modified@@ -7,9 +7,11 @@ package sockets import ( + "io/ioutil" "net" "net/rpc" "os" + "path/filepath" "github.com/juju/errors" ) @@ -23,6 +25,32 @@ func Listen(socketPath string) (net.Listener, error) { if err := os.Remove(socketPath); err != nil { logger.Tracef("ignoring error on removing %q: %v", socketPath, err) } - listener, err := net.Listen("unix", socketPath) - return listener, errors.Trace(err) + // We first create the socket in a temporary directory as a subdirectory of + // the target dir so we know we can get the permissions correct and still + // rename the socket into the correct place. + // ioutil.TempDir creates the temporary directory as 0700 so it starts with + // the right perms as well. + socketDir, socketName := filepath.Split(socketPath) + // socketName here is just the prefix for the temporary dir name, + // so it won't collide + tempdir, err := ioutil.TempDir(socketDir, socketName) + if err != nil { + return nil, errors.Trace(err) + } + defer os.RemoveAll(tempdir) + tempSocketPath := filepath.Join(tempdir, socketName) + listener, err := net.Listen("unix", tempSocketPath) + if err != nil { + logger.Errorf("failed to listen on unix:%s: %v", tempSocketPath, err) + return nil, errors.Trace(err) + } + if err := os.Chmod(tempSocketPath, 0700); err != nil { + listener.Close() + return nil, errors.Trace(err) + } + if err := os.Rename(tempSocketPath, socketPath); err != nil { + listener.Close() + return nil, errors.Trace(err) + } + return listener, nil }
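Review bot: In Listen, `socketDir, socketName := filepath.Split(socketPath)` yields an empty socketDir when socketPath has no directory component, and `ioutil.TempDir("", ...)` then falls back to the system default temporary directory. The later `os.Rename(tempSocketPath, socketPath)` would in that case move the socket out of a shared temp location and can fail across filesystems; consider rejecting non-absolute paths or defaulting socketDir to "." before creating the temp directory. Two smaller points on the same hunk: the protection after the rename rests entirely on the socket file's own mode, which Linux enforces on connect but which some other UNIX systems ignore, so a comment stating that the parent directory should also be restricted (or a check of it) would help, given this file is the non-Windows implementation. The mode passed to `os.Chmod(tempSocketPath, 0700)` carries an execute bit that a socket does not need, so 0600 would express the intent more tightly. Finally, the change touches one file and adds no test; a test that calls Listen and asserts the resulting mode of socketPath would guard against regression.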
References
- bugs.launchpad.net/juju/+bug/1682411 (nvd; Exploit, Issue Tracking, Third Party Advisory; WEB)
- www.securityfocus.com/bid/98737 (nvd; Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-j3hp-pv6v-rgrx (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-9232 (ghsa; ADVISORY)
- github.com/juju/juju/commit/0417178a3c2869537860e8b3b5e787ce1732231f (ghsa; WEB)
- www.exploit-db.com/exploits/44023 (ghsa; WEB)
- www.exploit-db.com/exploits/44023/ (nvd)