CVE-2014-0240 - OpenCVE

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Modwsgi	Mod Wsgi
Redhat	Enterprise Linux Rhel Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:modwsgi:mod_wsgi::::::::
	cpe:2.3:a:modwsgi:mod_wsgi:1.0:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.1:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.2:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.3:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.4:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.5:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:1.6:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.0:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.1:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.2:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.3:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.4:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.5:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.6:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.7:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:2.8:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:3.0:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:3.1:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:3.2:::::::*
	cpe:2.3:a:modwsgi:mod_wsgi:3.3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
mod_wsgi-0:3.2-6.el6_5	cpe:/o:redhat:enterprise_linux:6	RHSA-2014:0788	2014-06-25T00:00:00Z
Red Hat Enterprise Linux 7
mod_wsgi-0:3.4-12.el7_0	cpe:/o:redhat:enterprise_linux:7	RHSA-2014:1091	2014-08-25T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
python27-mod_wsgi-0:3.4-12.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
python33-mod_wsgi-0:3.4-14.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.3 EUS
python27-mod_wsgi-0:3.4-12.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
python33-mod_wsgi-0:3.4-14.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
python27-mod_wsgi-0:3.4-12.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
python33-mod_wsgi-0:3.4-14.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0789	2014-06-25T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7
python27-mod_wsgi-0:3.4-13.el7	cpe:/a:redhat:rhel_software_collections:1::el7	RHSA-2014:0789	2014-06-25T00:00:00Z
python33-mod_wsgi-0:3.4-13.el7	cpe:/a:redhat:rhel_software_collections:1::el7	RHSA-2014:0789	2014-06-25T00:00:00Z

References

Link	Providers
http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html
http://rhn.redhat.com/errata/RHSA-2014-0789.html
http://secunia.com/advisories/59551
http://secunia.com/advisories/60094
http://www.openwall.com/lists/oss-security/2014/05/21/1
http://www.securityfocus.com/bid/67532
https://nvd.nist.gov/vuln/detail/CVE-2014-0240
https://www.cve.org/CVERecord?id=CVE-2014-0240

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-27T15:00:00

Updated: 2024-08-06T09:05:39.376Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0240

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-27T14:55:12.197

Modified: 2017-12-21T02:29:00.373

Link: CVE-2014-0240

Redhat

Severity : Important

Publid Date: 2014-05-21T00:00:00Z

Links: CVE-2014-0240 - Bugzilla

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object