[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1176Date: (C)2011-03-29   (M)2023-12-22


The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-46953
ADV-2011-0748
ADV-2011-0749
ADV-2011-0824
DSA-2202
MDVSA-2011:057
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html
http://openwall.com/lists/oss-security/2011/03/20/1
http://openwall.com/lists/oss-security/2011/03/21/13
apache-mtmitk-weak-security(66248)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857

CPE    4
cpe:/a:apache:http_server
cpe:/o:debian:debian_linux:5.0
cpe:/o:debian:debian_linux:6.0
cpe:/o:debian:debian_linux:7.0
...
OVAL    2
oval:org.secpod.oval:def:700672
oval:org.secpod.oval:def:300436

© SecPod Technologies