Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before a root script executes a "kill `cat /pathname/p3scan.pid`" command, as demonstrated by etc/init.d/p3scan.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
P3Scan 安全漏洞
Vulnerability Description
P3Scan是一款用于电子邮件的代理服务器,能够扫描蠕虫、木马等恶意邮件。 P3Scan 3.0_rc1及之前的版本中的daemon存在安全漏洞,该漏洞源于程序将账户降级至非root权限后,创建了p3scan.pid文件。本地攻击者可利用该漏洞终止任意进程。
CVSS Information
N/A
Vulnerability Type
N/A