Description
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system.
Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.
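The flaw class described above, as an added example (not mod_wsgi's code and not part of the advisory): an unchecked setuid() call next to a fail-closed privilege drop. The function-pointer seam, the `sim_*` stubs and uid 1000 are constructed so the failure path runs without root, and the failure is assumed to be setuid() returning -1 with EAGAIN.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical seam (not a real API): lets the failure path run without root.
   Production code would call setuid() and geteuid() directly. */
typedef int (*setuid_fn)(uid_t);
typedef uid_t (*geteuid_fn)(void);

/* Constructed stubs. sim_euid models a daemon child that starts as root. */
static uid_t sim_euid = 0;
static uid_t sim_geteuid(void) { return sim_euid; }
static int sim_setuid_ok(uid_t uid) { sim_euid = uid; return 0; }
/* Models setuid() returning -1/EAGAIN, which Linux kernels before 3.1 did
   when the target user was already at its RLIMIT_NPROC process limit. */
static int sim_setuid_eagain(uid_t uid) { (void)uid; errno = EAGAIN; return -1; }

/* Unchecked pattern: the result is discarded, so a failed call is reported
   as success and the caller keeps running with its original (root) identity. */
static int drop_unchecked(setuid_fn do_setuid, uid_t target) {
    (void)do_setuid(target);
    return 0;
}

/* Checked pattern: fail closed on any error, then confirm the effective uid
   really changed. On -1 the caller must exit instead of serving requests. */
static int drop_checked(setuid_fn do_setuid, geteuid_fn get_euid, uid_t target) {
    if (do_setuid(target) != 0) {
        fprintf(stderr, "setuid(%lu) failed, errno=%d\n", (unsigned long)target, errno);
        return -1;
    }
    if (get_euid() != target)
        return -1;
    return 0;
}

int main(void) {
    uid_t app_uid = 1000; /* constructed unprivileged uid */
    int unchecked = drop_unchecked(sim_setuid_eagain, app_uid);
    printf("unchecked: rc=%d euid=%lu\n", unchecked, (unsigned long)sim_geteuid());
    int failed = drop_checked(sim_setuid_eagain, sim_geteuid, app_uid);
    printf("checked (setuid fails): rc=%d euid=%lu\n", failed, (unsigned long)sim_geteuid());
    int ok = drop_checked(sim_setuid_ok, sim_geteuid, app_uid);
    printf("checked (setuid works): rc=%d euid=%lu\n", ok, (unsigned long)sim_geteuid());
    return (failed == -1 && ok == 0) ? 0 : 1;
}
```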
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat OpenShift Enterprise 2 | python27-mod_wsgi | Affected | | |
Red Hat Satellite 5.6 | mod_wsgi | Will not fix | | |
Red Hat Satellite 6 | mod_wsgi | Not affected | | |
Red Hat Satellite Proxy 5.6 | mod_wsgi | Not affected | | |
Red Hat Subscription Asset Manager | mod_wsgi | Will not fix | | |
RHUI for RHEL 6 | mod_wsgi | Will not fix | | |
Red Hat Enterprise Linux 6 | mod_wsgi | Fixed | RHSA-2014:0788 | 25.06.2014 |
Red Hat Enterprise Linux 7 | mod_wsgi | Fixed | RHSA-2014:1091 | 25.08.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | python27-mod_wsgi | Fixed | RHSA-2014:0789 | 25.06.2014 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 | python33-mod_wsgi | Fixed | RHSA-2014:0789 | 25.06.2014 |
Additional information
Status:
CVSS2: 6.9 Medium