mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | libapache2-mod-ruid2 | < 0.9.8-4 | libapache2-mod-ruid2_0.9.8-4_all.deb |