Описание
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| trafficserver | unfixed | package |
Примечания
https://www.openwall.com/lists/oss-security/2024/11/13/1
https://github.com/apache/trafficserver/pull/11855
Fixed by: https://github.com/apache/trafficserver/commit/27f504883547502b1f5e4e389edd7f26e3ab246f (9.2.6-rc0)
Fixed by: https://github.com/apache/trafficserver/commit/ae638096e259121d92d46a9f57026a5ff5bc328b (master)
Complemented by: https://github.com/apache/trafficserver/pull/11872
Followup: https://github.com/apache/trafficserver/commit/a0d49ddb44ea5e295c85d7d88a13e4978d6bc84b (9.2.7-rc0)
Followup: https://github.com/apache/trafficserver/commit/d4dda9b5583d19e2eee268fec59aa487d61fc079 (master)
EPSS
Связанные уязвимости
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.
Уязвимость веб-сервера Apache Traffic Server, связанная с некорректной проверкой возвращаемого значения функции сброса привилегий, позволяющая нарушителю повысить свои привилегии
EPSS