The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
History
21 Nov 2024, 02:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html - | |
References | () http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0789.html - | |
References | () http://secunia.com/advisories/59551 - | |
References | () http://secunia.com/advisories/60094 - | |
References | () http://www.openwall.com/lists/oss-security/2014/05/21/1 - | |
References | () http://www.securityfocus.com/bid/67532 - | |
Information
Published : 2014-05-27 14:55
Updated : 2024-11-21 02:01
NVD link : CVE-2014-0240
Mitre link : CVE-2014-0240
CVE.ORG link : CVE-2014-0240
Products Affected
modwsgi
- mod_wsgi
CWE
CWE-264
Permissions, Privileges, and Access Controls