CVE-2011-1176
First published: Tue Mar 29 2011(Updated: )
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Debian | =5.0 | |
| Debian | =7.0 | |
| Debian | =6.0 | |
| mpm-itk | =2.2.11-01 | |
| mpm-itk | =2.2.11-02 | |
| Apache HTTP Server | ||
| Debian Debian Linux | =5.0 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://openwall.com/lists/oss-security/2011/03/20/1
- http://www.securityfocus.com/bid/46953
- http://openwall.com/lists/oss-security/2011/03/21/13
- http://www.vupen.com/english/advisories/2011/0749
- http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html
- http://www.debian.org/security/2011/dsa-2202
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857
- http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html
- http://www.vupen.com/english/advisories/2011/0748
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:057
- http://www.vupen.com/english/advisories/2011/0824
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66248
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/debian
- canonical/debian
- version/debian/5.0
- version/debian/7.0
- version/debian/6.0
- vendor/mpm-itk project
- canonical/mpm-itk
- version/mpm-itk/2.2.11-01
- version/mpm-itk/2.2.11-02
- vendor/apache
- canonical/apache http server
- canonical/debian debian linux
- version/debian debian linux/5.0
- version/debian debian linux/6.0
- version/debian debian linux/7.0