FastCGI mod_fastcgi Socket Permission Weakness

1996-09-04T00:00:00
ID OSVDB:6477
Type osvdb
Reporter OSVDB
Modified 1996-09-04T00:00:00

Description

Vulnerability Description

FastCGI mod_fastcgi contains a flaw that may allow local users to manipulate arbitrary processes. The issue is due to the module not properly setting permissions on the Unix domain listening sockets it creates. This may allow a local attacker to read, write or delete from any process, depending on the umask in effect at the time the socket is created.
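The dependence on the umask can be reproduced and checked for in a few lines. The following is an added example, not mod_fastcgi code: it assumes Linux semantics, and `bind_listener`, `audit_sockets`, `demo` and the socket file names are hypothetical names chosen for illustration. It binds one listener under the inherited umask and one with the umask pinned, then audits the directory for sockets that other local users can write to (and therefore connect to).

```python
import os
import shutil
import socket
import stat
import tempfile

def bind_listener(path, umask=None):
    """Bind a Unix domain listening socket at path.

    umask=None keeps the inherited process umask (the weak pattern);
    an explicit value such as 0o077 pins the mode of the socket file.
    """
    old = os.umask(umask) if umask is not None else None
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)  # file is created here; on Linux mode = 0o777 & ~umask
        srv.listen(1)
        return srv
    finally:
        if old is not None:
            os.umask(old)  # restore the caller's umask

def audit_sockets(directory):
    """Return {name: mode} for sockets writable by group or other users."""
    findings = {}
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISSOCK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings[entry.name] = stat.S_IMODE(st.st_mode)
    return findings

def demo():
    """Constructed scenario: a lax inherited umask and two listeners."""
    workdir = tempfile.mkdtemp(prefix="sockdemo-")
    inherited = os.umask(0o000)  # simulate a server started with umask 0
    try:
        weak = bind_listener(os.path.join(workdir, "weak.sock"))
        pinned = bind_listener(os.path.join(workdir, "pinned.sock"), umask=0o077)
        findings = audit_sockets(workdir)
        weak.close()
        pinned.close()
        return findings
    finally:
        os.umask(inherited)
        shutil.rmtree(workdir, ignore_errors=True)

if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: mode {mode:o} is writable by other local users")
```
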

Solution Description

Upgrade to version 1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.fastcgi.com/
Vendor Specific Advisory URL