uutils coreutils Argument Parsing Error in kill Utility Leading to Process Termination
Vulnerability
A vulnerability exists in the uutils coreutils kill utility, specifically in version 0.6.0, due to an argument parsing error. The utility incorrectly interprets the command 'kill -1' as a request to send the default signal (SIGTERM) to PID -1. This misinterpretation causes the kernel to terminate all processes visible to the caller, which could result in a system crash or a large-scale process termination. In contrast, GNU coreutils correctly identifies -1 as a signal number in this context and would report a missing PID argument instead.
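The difference between the two interpretations described above, as an added example that is not uutils or GNU source code: `parse_flawed` treats every numeric argument as a PID, while `parse_strict` treats a leading `-N` as a signal number and then requires a PID. The type and function names are hypothetical, only numeric signals are handled, and nothing here sends a signal.

```rust
// Added illustration: hypothetical parsers, not code from uutils or GNU coreutils.
#[derive(Debug, PartialEq)]
enum Parsed {
    Send { signal: i32, pids: Vec<i32> },
    Error(String),
}

const SIGTERM: i32 = 15;

// Flawed: every numeric argument, including a lone "-1", is taken as a PID.
fn parse_flawed(args: &[&str]) -> Parsed {
    match args.iter().map(|a| a.parse::<i32>()).collect::<Result<Vec<i32>, _>>() {
        Ok(pids) if !pids.is_empty() => Parsed::Send { signal: SIGTERM, pids },
        _ => Parsed::Error("usage".into()),
    }
}

// Strict: a leading "-N" is a signal number; a negative PID is accepted only
// after a signal argument or after "--", and at least one PID is required.
fn parse_strict(args: &[&str]) -> Parsed {
    let mut signal = SIGTERM;
    let mut rest = args;
    if let Some(first) = args.first() {
        if *first == "--" {
            rest = &args[1..];
        } else if let Some(spec) = first.strip_prefix('-') {
            match spec.parse::<i32>() {
                Ok(n) if n >= 0 => {
                    signal = n;
                    rest = &args[1..];
                }
                _ => return Parsed::Error(format!("invalid signal: {}", spec)),
            }
            if rest.first() == Some(&"--") { rest = &rest[1..]; }
        }
    }
    if rest.is_empty() {
        return Parsed::Error("no process ID specified".into());
    }
    match rest.iter().map(|a| a.parse::<i32>()).collect::<Result<Vec<i32>, _>>() {
        Ok(pids) => Parsed::Send { signal, pids },
        Err(_) => Parsed::Error("invalid process ID".into()),
    }
}

fn main() {
    println!("flawed: {:?}", parse_flawed(&["-1"]));
    println!("strict: {:?}", parse_strict(&["-1"]));
}
```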
Impact
An affected invocation terminates all processes visible to the caller, potentially leading to a system crash or massive process termination.
Reproduction
The vulnerability can be reproduced by executing the command 'kill -1' with uutils coreutils version 0.6.0. The command incorrectly sends a termination signal to PID -1, causing the kernel to terminate all processes visible to the caller.
Remediation
Users can upgrade to uutils coreutils version 0.6.0 or later, where this vulnerability has been addressed.
