Computer Security
[EN] securityvulns.ru no-pyccku


Apache mpm_itk module privilege escalation
Published:25.03.2011
Source:
SecurityVulns ID:11534
Type:remote
Threat Level:
5/10
Description:Under some conditions, request is processed with root privileged.
Affected:MPMITK : mpm-itk 2.2
CVE:CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2202-1] apache2 security update (25.03.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod