Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8583

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2014-8583
Last Modified 27 Mar 2015 09:59:32
Published 16 Dec 2014 01:59:08
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8583

Summary

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Vulnerable Systems

Application

  • Modwsgi Mod Wsgi 4.2.4


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1111034

UBUNTU - USN-2431-1

MLIST - [oss-security] 20141104 Re: CVE request: mod_wsgi group privilege dropping [was Re: Security release for mod_wsgi (version 3.5)]

MLIST - [oss-security] 20140619 CVE request: mod_wsgi group privilege dropping [was Re: Security release for mod_wsgi (version 3.5)]

CONFIRM - http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html

SUSE - openSUSE-SU-2014:1590

MANDRIVA - MDVSA-2014:253

CONFIRM - http://advisories.mageia.org/MGASA-2014-0513.html


Last Updated: 27 May 2016 11:08:14