LiveActive security incident?Get immediate response
CVE Record

CVE-2016-20015: In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokepi...

In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.

HighCVSS 7.5Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This issue affects Gentoo packaging for SmokePing. A startup script could let the low-privileged smokeping account take ownership of files it should not control, potentially leading to root privileges. The business concern is privilege escalation on affected monitoring servers, not confirmed active exploitation.

Executive priority

Prioritize remediation on Gentoo monitoring servers, especially shared or multi-user systems. Treat this as a high-severity local privilege-escalation risk, but do not assume internet-scale exploitation from the provided evidence.

Technical view

CVE-2016-20015 is a CWE-362 race condition in the Gentoo SmokePing ebuild through smokeping-2.7.3-r1. The CVE describes a race involving /var/lib/smokeping and chown in the initscript, allowing the smokeping user to gain ownership of arbitrary files and escalate privileges.

Likely exposure

Exposure appears limited to Gentoo systems using the SmokePing ebuild through smokeping-2.7.3-r1. The source bundle does not provide CPEs or broader affected-product metadata, so organizations should verify actual package lineage locally.

Exploitation context

The CVE is not listed as KEV in the provided bundle, and no cited source states active exploitation. The CVSS vector requires low privileges and high attack complexity, consistent with a race condition rather than simple remote compromise.

Researcher notes

The bundle is sparse: affected CPEs are absent, and the Gentoo bug is the only vendor-linked reference. The core issue is an initscript race around chown and /var/lib/smokeping that may let the smokeping user obtain arbitrary file ownership.

Mitigation direction

  • Check Gentoo Bug 602652 and Gentoo package guidance for corrected ebuild status.
  • Upgrade SmokePing packaging when Gentoo provides a fixed package or revision.
  • Restrict shell and administrative access to affected Gentoo monitoring hosts.
  • Reduce privileges and file-system reach of the smokeping service account where feasible.
  • Monitor sensitive file ownership changes on affected hosts.

Validation and detection

  • Inventory Gentoo hosts running SmokePing from the Gentoo ebuild.
  • Confirm whether installed versions are through smokeping-2.7.3-r1.
  • Review the installed initscript for risky chown behavior around /var/lib/smokeping.
  • Check whether the smokeping account owns unexpected files outside its data path.
  • Review logs and file metadata for suspicious ownership changes.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-362: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2016-20015 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H1.65.9Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2016-20015Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-362 · source CWE mapping

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.