|
|
Info |
Last Modified |
| 5 months ago |
|
|
|
|
Description |
FastCGI mod_fastcgi contains a flaw that may allow privilege escalation. The issue occurs when the FastCgiWrapper (FastCgiSuexec) is used in conjunction with servers on a virtual host (vhost) configuration. In some situations, mod_fastcgi would fail to use the wrapper (suexec) due to it thinking it had the required privileges. As a result, some applications were receiving the privileges of the server directly (often 'root') instead of the required privileges via the wrapper (limited). This may allow some users to use custom CGI's that would run with full root privileges causing a loss of integrity.
|
|
Classification |
Location:
Local Access Required,
Remote/Network Access Required
Attack Type:
Misconfiguration
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Solution |
Upgrade to version 2.4.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
|
|
Products |
|
mod_fastcgi
 |
2.2.10 |
2.2.12 |
2.2.4 |
2.2.6 |
2.2.8 |
|
|
|
|
Credit |
- Michael Richards - michael
 fastmail.ca -
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
