CVE-2014-0240
Published: 23 May 2014
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
Notes
Author | Note |
---|---|
mdeslaur | from upstream: The issue is believed to affect Linux systems running kernel versions >= 2.6.0 and < 3.1.0. |
Priority
Status
Package | Release | Status |
---|---|---|
mod-wsgi Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(3.3-4ubuntu0.1)
|
|
saucy |
Released
(3.4-4ubuntu2.1.13.10.1)
|
|
trusty |
Released
(3.4-4ubuntu2.1.14.04.1)
|
|
upstream |
Released
(3.5-1)
|
|
Patches: upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4 |