Lucene search

K

[email protected]NVD:CVE-2011-1176

HistoryMar 29, 2011 - 6:55 p.m.

CVE-2011-1176

2011-03-2918:55:02

[email protected]

web.nvd.nist.gov

4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

71.5%

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Affected configurations

Nvd

Node

mpm-itk_projectmpm-itkMatch2.2.11-01

OR

mpm-itk_projectmpm-itkMatch2.2.11-02

AND

apachehttp_server

Node

debiandebian_linuxMatch5.0

OR

debiandebian_linuxMatch6.0

OR

debiandebian_linuxMatch7.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857

lists.err.no/pipermail/mpm-itk/2011-March/000393.html

lists.err.no/pipermail/mpm-itk/2011-March/000394.html

openwall.com/lists/oss-security/2011/03/20/1

openwall.com/lists/oss-security/2011/03/21/13

www.debian.org/security/2011/dsa-2202

www.mandriva.com/security/advisories?name=MDVSA-2011:057

www.securityfocus.com/bid/46953

www.vupen.com/english/advisories/2011/0748

www.vupen.com/english/advisories/2011/0749

www.vupen.com/english/advisories/2011/0824

exchange.xforce.ibmcloud.com/vulnerabilities/66248

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.003

Percentile

71.5%

Related for NVD:CVE-2011-1176

debiancve1 nessus3 debian2 openvas6 securityvulns2 cvelist1 ubuntucve1 prion1 cve1 ubuntu1 f51