TROYANOSYVIRUS
Voltar para CVEs

CVE-2011-1176

N/A

Descricao

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Detalhes CVE

Pontuacao CVSS v3.1N/A
Publicado3/29/2011
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0

Produtos afetados

apache:http_serverdebian:debian_linuxmpm-itk_project:mpm-itk

Referencias

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857(secalert@redhat.com)
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html(secalert@redhat.com)
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html(secalert@redhat.com)
http://openwall.com/lists/oss-security/2011/03/20/1(secalert@redhat.com)
http://openwall.com/lists/oss-security/2011/03/21/13(secalert@redhat.com)
http://www.debian.org/security/2011/dsa-2202(secalert@redhat.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:057(secalert@redhat.com)
http://www.securityfocus.com/bid/46953(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0748(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0749(secalert@redhat.com)
http://www.vupen.com/english/advisories/2011/0824(secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66248(secalert@redhat.com)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857(af854a3a-2127-422b-91ae-364da2661108)
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/20/1(af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/21/13(af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2202(af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:057(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46953(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0748(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0749(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0824(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66248(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.