CVE-2017-20147 in SmokePing
Summary
by MITRE • 09/20/2022
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped.
Analysis
by VulDB Data Team • 05/29/2025
CVE-2017-20147 affects the smokeping ebuild package on Gentoo Linux in versions through smokeping-2.7.3-r1. The issue stems from inadequate privilege separation and file permission management in the service's initscript: the PID file the service uses to record its process identifier is writable by the smokeping user account. This lets anyone with access to the smokeping user account change the contents of the PID file.
The problem is triggered through the PID file itself. When the smokeping service is stopped, the initscript reads the PID file to decide which process to terminate. By writing an arbitrary process identifier into the file, the smokeping user can redirect the stop operation to any process on the system. The initscript then attempts to terminate a process that is not running the smokeping service, producing a denial of service that can hit critical system processes or other legitimate services.
The operational impact goes beyond disruption of the smokeping service. A manipulated PID file can cause legitimate system processes to be terminated, potentially leading to broader system instability. The vulnerability is a path by which a low-privilege user can cause system-wide disruption through manipulation of process identifiers. This type of attack falls under denial of service through process management manipulation and is particularly dangerous in production environments where system stability is paramount.
This vulnerability aligns with CWE-276 (Incorrect Default Permissions) and is a classic case of inadequate privilege separation in service management. The ATT&CK framework categorizes it under privilege escalation techniques, here the manipulation of process identifiers to cause system disruption. The issue reflects poor security hygiene in service initialization scripts whose file permissions are not properly restricted, allowing users with minimal privileges to influence system-wide process management operations.
Mitigation should focus on proper permission controls for the PID files used by system services. The PID file should be owned by root and have restrictive permissions so that non-privileged users cannot modify it. In addition, the initscript should validate the contents of the PID file before attempting to terminate a process. System administrators should ensure that all service initscripts enforce privilege separation and avoid creating PID files writable by the service user, since such files can be used to cause system-wide disruption. Regular audits of service configurations and file permissions should be conducted to identify and remediate similar vulnerabilities across the system.
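The hardened stop step described above (root-owned, non-writable PID file plus validation of its contents before any signal is sent) as an added shell example; this is not the Gentoo smokeping initscript, and the PID file path, service user and expected process name are assumed parameters:

```sh
#!/bin/sh
# Added example, not the Gentoo smokeping initscript: validate a PID file
# before an init script's stop step sends any signal. The PID file path,
# service user and process name are assumed parameters; process checks
# use Linux /proc and GNU/BusyBox stat.
#
# Vulnerable pattern the advisory describes (do not use):
#   kill "$(cat "$pidfile")"   # trusts whatever the smokeping user wrote

# A PID must be a plain positive integer greater than 1, so a tampered
# file cannot name init, carry a sign, or smuggle in a second value.
pid_is_sane() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -gt 1 ]
}

# The PID must be a live process owned by the service user and running
# the expected command; a PID pointing at anything else is refused.
pid_matches_service() {
  pid=$1; user=$2; comm=$3
  [ -d "/proc/$pid" ] || return 1
  [ "$(stat -c %u "/proc/$pid")" = "$(id -u "$user" 2>/dev/null)" ] || return 1
  [ "$(cat "/proc/$pid/comm")" = "$comm" ]
}

# Hardened stop: the PID file must be a root-owned regular file that is
# not group- or world-writable, and its first line must pass both checks
# before TERM is sent. Every refusal returns 1 without signalling.
safe_stop() {
  pidfile=$1; user=$2; comm=$3
  [ -f "$pidfile" ] || { echo "stop: $pidfile missing" >&2; return 1; }
  [ "$(stat -c %u "$pidfile")" = 0 ] ||
    { echo "stop: $pidfile not owned by root" >&2; return 1; }
  [ $(( 0$(stat -c %a "$pidfile") & 022 )) -eq 0 ] ||
    { echo "stop: $pidfile is group/world writable" >&2; return 1; }
  pid=$(head -n 1 "$pidfile" | tr -d '[:space:]')
  pid_is_sane "$pid" ||
    { echo "stop: $pidfile content '$pid' is not a valid PID" >&2; return 1; }
  pid_matches_service "$pid" "$user" "$comm" ||
    { echo "stop: PID $pid is not the $comm process of $user" >&2; return 1; }
  kill -TERM "$pid"
}
```

Ownership of the process is compared against the service user rather than root, so a PID file rewritten to point at a root-owned daemon is refused even if the file's own permissions were somehow left loose.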