Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.7
CVE Id: CVE-2012-4442
Last Modified: 08 Oct 2012 12:00:00
Published: 05 Oct 2012 05:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4442

Summary

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

Vulnerable Systems

Application

  • Monkey-project Monkey Http Daemon 0.9.3


References

MLIST - [oss-security] 20120920 Re: CVE-request: monkey fails to drop supplemental groups when lowering privileges

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007


Last Updated: 27 May 2016 11:00:52