CVE-2017-18284 in Burp

Summary

by MITRE

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL.


Analysis

by VulDB Data Team • 02/14/2020

CVE-2017-18284 affects the Gentoo app-backup/burp package in versions before 2.1.32 (2.1.32 itself is fixed). The defect is in the Gentoo packaging rather than in burp's own code: the directory that holds the daemon's PID file is assigned to the unprivileged burp service account instead of remaining root-owned. burp is a network backup daemon whose init script runs as root and, when stopping the service, reads the PID file to decide which process to signal. Letting the service account write to the PID file directory therefore hands an unprivileged account control over what a root process does.

Exploitation relies on the root-run stop script trusting the contents of the PID file: it reads a number from the file and sends SIGKILL to that PID. Root may signal any process, so whoever controls the file contents chooses the victim. A local user who has obtained the burp account (for example through a compromise of the daemon) can create or replace the PID file, because the containing directory is writable to that account, and write in the PID of an unrelated process. The attack is a time-of-check/time-of-use race: the replacement must land after burp writes its own PID and before the root script reads it, typically while the service is being stopped or restarted. The underlying weakness is incorrect default permissions on a resource that a privileged script consumes, combined with a privilege-separation failure: the design treats the service account as trusted for an operation that only root should control.

The impact is arbitrary process termination, not a root shell: the attacker gains no additional privileges but can kill any process on the host, including sshd, databases, monitoring or security agents, and other daemons, and so disrupt services or interfere with defensive tooling. Because the stop script targets whatever PID is in the file, it is not limited to processes belonging to the burp service. This is a denial-of-service and integrity problem rather than privilege escalation. The weakness corresponds to CWE-276 (Incorrect Default Permissions); in ATT&CK terms the effect maps to T1489 (Service Stop). It is not process injection: no code is placed in another process, only a signal is delivered to it.

Remediation is to update to app-backup/burp 2.1.32 or later, where the PID file directory is no longer owned by the burp account. Until then, administrators can correct the ownership themselves (root-owned, not writable by the service account) and monitor for unexpected activity under the burp account. The general fix pattern for this class of bug is twofold: keep the PID file directory root-owned and not writable by the service user, and have the stop routine verify that the PID actually refers to the expected daemon (owner and command) before signalling it, or drop PID files altogether and terminate processes by owner and executable. Other init scripts and service-management tools should be audited for the same pattern, since it is common.
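As an added example (not code from the burp project, from the Gentoo ebuild or init script, or from VulDB), the following POSIX shell contrasts the stop-script pattern described in the analysis with a hardened check that implements the fix pattern above. The path /run/burp/burp.pid, the function names and the use of /proc to inspect a process are assumptions for the illustration.

```shell
#!/bin/sh
# Added example; not code from the burp project, the Gentoo ebuild or its init
# script. File names (/run/burp/burp.pid) and function names are illustrative.

# VULNERABLE pattern: the root-run stop script signals whatever number the PID
# file holds. When the directory is owned by the burp account, that account can
# swap in the PID of sshd, a database or any other process before this runs.
stop_burp_vulnerable() {
    pidfile=${1:-/run/burp/burp.pid}
    kill -9 "$(cat "$pidfile")"
}

# Command name and real UID of a process: /proc on Linux, ps elsewhere.
proc_comm() {
    if [ -r "/proc/$1/comm" ]; then cat "/proc/$1/comm"; else ps -o comm= -p "$1"; fi
}
proc_uid() {
    if [ -r "/proc/$1/status" ]; then
        awk '/^Uid:/ { print $2 }' "/proc/$1/status"
    else
        ps -o uid= -p "$1" | tr -d ' '
    fi
}

# HARDENED check. Prints the PID and returns 0 only when all of the following
# hold; otherwise prints nothing and returns 1:
#   1. the directory holding the PID file is owned by the caller (root when
#      invoked from an init script) and is neither group- nor world-writable,
#      so the service account cannot replace the file;
#   2. the file contains a plain positive integer;
#   3. a process with that PID exists, is owned by the expected service UID
#      and runs the expected command name.
# The PID is read once and handed back, so the caller never re-reads the file
# between validation and the kill.
# Usage: validated_pid PIDFILE EXPECTED_COMM EXPECTED_UID
validated_pid() {
    pidfile=$1; want_comm=$2; want_uid=$3
    dir=$(dirname "$pidfile")
    # -prune keeps find on the directory entry itself; -user/-perm test it.
    [ -n "$(find "$dir" -prune -user "$(id -u)" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ] || return 1
    pid=$(cat "$pidfile" 2>/dev/null) || return 1
    case "$pid" in ''|0|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null || return 1
    [ "$(proc_comm "$pid")" = "$want_comm" ] || return 1
    [ "$(proc_uid "$pid")" = "$want_uid" ] || return 1
    echo "$pid"
}

# Hardened stop: refuse to signal anything the PID file cannot prove is burp.
stop_burp_hardened() {
    pidfile=${1:-/run/burp/burp.pid}
    if pid=$(validated_pid "$pidfile" burp "$(id -u burp)"); then
        kill -TERM "$pid"
    else
        echo "refusing to signal: $pidfile failed validation" >&2
        return 1
    fi
}

# Stand-alone demonstration with a constructed PID file pointing at this shell's
# own PID; nothing is signalled.
demo_dir=$(mktemp -d); chmod 755 "$demo_dir"
echo "$$" > "$demo_dir/burp.pid"
if pid=$(validated_pid "$demo_dir/burp.pid" "$(proc_comm $$)" "$(id -u)"); then
    echo "accepted PID $pid: directory owned by caller and not writable by others"
fi
chmod 777 "$demo_dir"    # recreate the writable-directory condition from the advisory
if ! validated_pid "$demo_dir/burp.pid" "$(proc_comm $$)" "$(id -u)" >/dev/null; then
    echo "refused: directory is writable by other accounts"
fi
rm -rf "$demo_dir"
```

The directory check is what closes the hole from the advisory: once the service account cannot write to the directory, it cannot choose the PID. The owner and command-name checks are defence in depth, so that even a stale or corrupted PID file cannot make root signal an unrelated process, and returning the validated PID avoids a second read of the file between check and kill.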

Reservation

06/03/2018

Disclosure

06/04/2018

Moderation

accepted

CPE

ready

EPSS

0.00032

KEV

no

Activities

very low

Sources
