GLSA Advocate
Posted: Tue Jul 28, 2020 2:26 pm Post subject: [ GLSA 202007-40 ] Thin
Gentoo Linux Security Advisory
Title: Thin: Privilege escalation (GLSA 202007-40)
Severity: normal
Exploitable: local
Date: 2020-07-27
Bug(s): #642200
ID: 202007-40
Synopsis
A vulnerability was discovered in Thin which may allow local
attackers to kill arbitrary processes (denial of service).
Background
Thin is a small and fast Ruby web server.
Affected Packages
Package: www-servers/thin
Vulnerable: <= 1.7.2
Architectures: All supported architectures
Description
It was discovered that Gentoo’s Thin ebuild does not properly handle
its temporary runtime directories. This only affects OpenRC systems, as
the flaw was exploitable via the init script.
Impact
A local attacker could cause denial of service by killing arbitrary
processes.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for Thin. We recommend that users
unmerge Thin:
Code:
# emerge --unmerge "www-servers/thin"

NOTE: The Gentoo developer(s) maintaining Thin have discontinued support
at this time. It may be possible that a new Gentoo developer will update
Thin at a later date. There are many other web servers available in the
tree in the www-servers category.