Search...

Apache mod_wsgi privilege escalation

2014-12-22T00:00:00

ID SECURITYVULNS:VULN:14163
Type securityvulns
Reporter BUGTRAQ
Modified 2014-12-22T00:00:00

Description

Invalid error processing can lead to privilege escalation.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:VULN:14163", "bulletinFamily": "software", "title": "Apache mod_wsgi privilege escalation", "description": "Invalid error processing can lead to privilege escalation.", "published": "2014-12-22T00:00:00", "modified": "2014-12-22T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14163", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31530"], "cvelist": ["CVE-2014-8583"], "type": "securityvulns", "lastseen": "2018-08-31T11:09:58", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "1e26cc9ab1ef2eef94b0b29ccbb53389"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "1263724c96cb285926f0b6d847480fad"}, {"key": "cvss", "hash": "e8bafdc9ad5c6f47fe1e6e5fd509b7a9"}, {"key": "description", "hash": "f982509b5337a668f8903b4494175b27"}, {"key": "href", "hash": "ba4277d93b28fe9d95b144f86a61523b"}, {"key": "modified", "hash": "ddb68196ac322ad1803e6954e5007feb"}, {"key": "published", "hash": "ddb68196ac322ad1803e6954e5007feb"}, {"key": "references", "hash": "85c985ae8aaf50a5874468cd096cc832"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "a621b862d9416ccc807c578cc77b3d32"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d669340a5a334271b1bf9ee7b48669c193fb5148043ff8ad5f7a43bb2beaa721", "viewCount": 3, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2018-08-31T11:09:58"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-8583"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31530"]}, {"type": "nessus", "idList": ["OPENSUSE-2014-753.NASL", "MANDRIVA_MDVSA-2015-180.NASL", "GENTOO_GLSA-201612-49.NASL", "ALA_ALAS-2018-987.NASL", "UBUNTU_USN-2431-1.NASL", "MOD_WSGI_4_2_4.NASL", "MANDRIVA_MDVSA-2014-253.NASL", "AL2_ALAS-2018-987.NASL"]}, {"type": "ubuntu", "idList": ["USN-2431-1"]}, {"type": "amazon", "idList": ["ALAS-2018-987"]}, {"type": "gentoo", "idList": ["GLSA-201612-49"]}], "modified": "2018-08-31T11:09:58"}, "vulnersScore": 6.1}, "objectVersion": "1.3", "affectedSoftware": [{"name": "mod_wsgi", "operator": "eq", "version": "4.2"}]}

{"cve": [{"lastseen": "2019-05-29T18:13:49", "bulletinFamily": "NVD", "description": "mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.", "modified": "2017-07-01T01:29:00", "id": "CVE-2014-8583", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8583", "published": "2014-12-16T18:59:00", "title": "CVE-2014-8583", "type": "cve", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:56", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:253\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache-mod_wsgi\r\n Date : December 15, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated apache-mod_wsgi package fixes security vulnerability:\r\n \r\n It was discovered that mod_wsgi incorrectly handled errors when\r\n setting up the working directory and group access rights. A malicious\r\n application could possibly use this issue to cause a local privilege\r\n escalation when using daemon mode (CVE-2014-8583).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583\r\n http://advisories.mageia.org/MGASA-2014-0513.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n fe423911e6f14b53ebe83e46b7998f78 mbs1/x86_64/apache-mod_wsgi-3.5-1.mbs1.x86_64.rpm \r\n 0240843f113d435f1f3ab17cab8db75f mbs1/SRPMS/apache-mod_wsgi-3.5-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUjxdomqjQ0CJFipgRAkHYAKDAHNVRKpZ4IoP1NYfmaHpMN50XIQCgv2kn\r\nP7gcJObnc83oRK0+YP3fd14=\r\n=pXOK\r\n-----END PGP SIGNATURE-----\r\n\r\n", "modified": "2014-12-22T00:00:00", "published": "2014-12-22T00:00:00", "id": "SECURITYVULNS:DOC:31530", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31530", "title": "[ MDVSA-2014:253 ] apache-mod_wsgi", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2020-02-01T06:34:08", "bulletinFamily": "scanner", "description": "According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "EULEROS_SA-2019-2633.NASL", "href": "https://www.tenable.com/plugins/nessus/132168", "published": "2019-12-18T00:00:00", "title": "EulerOS 2.0 SP3 : mod_wsgi (EulerOS-SA-2019-2633)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132168);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\n \"CVE-2014-8583\"\n );\n script_bugtraq_id(\n 68111\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : mod_wsgi (EulerOS-SA-2019-2633)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2633\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e6bbc58a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mod_wsgi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"mod_wsgi-3.4-12.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:55:19", "bulletinFamily": "scanner", "description": "apache2-mod_wsgi was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Failure to handle errors when attempting to drop group\n privileges (CVE-2014-8583).", "modified": "2020-02-02T00:00:00", "id": "OPENSUSE-2014-753.NASL", "href": "https://www.tenable.com/plugins/nessus/79815", "published": "2014-12-09T00:00:00", "title": "openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-753.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79815);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/10 11:50:02\");\n\n script_cve_id(\"CVE-2014-8583\");\n\n script_name(english:\"openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)\");\n script_summary(english:\"Check for the openSUSE-2014-753 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"apache2-mod_wsgi was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - Failure to handle errors when attempting to drop group\n privileges (CVE-2014-8583).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=903961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-12/msg00036.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_wsgi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-3.3-12.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-debuginfo-3.3-12.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-debugsource-3.3-12.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-3.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-debuginfo-3.4-2.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-debugsource-3.4-2.28.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_wsgi / apache2-mod_wsgi-debuginfo / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:45:12", "bulletinFamily": "scanner", "description": "Updated apache-mod_wsgi package fixes security vulnerabilities :\n\napache-mod_wsgi before 4.2.4 contained an off-by-one error in applying\na limit to the number of supplementary groups allowed for a daemon\nprocess group. The result could be that if more groups than the\noperating system allowed were specified to the option\nsupplementary-groups, then memory corruption or a process crash could\noccur.\n\nIt was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode (CVE-2014-8583).", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2015-180.NASL", "href": "https://www.tenable.com/plugins/nessus/82455", "published": "2015-03-31T00:00:00", "title": "Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:180. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82455);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/08/02 13:32:57\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_xref(name:\"MDVSA\", value:\"2015:180\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache-mod_wsgi package fixes security vulnerabilities :\n\napache-mod_wsgi before 4.2.4 contained an off-by-one error in applying\na limit to the number of supplementary groups allowed for a daemon\nprocess group. The result could be that if more groups than the\noperating system allowed were specified to the option\nsupplementary-groups, then memory corruption or a process crash could\noccur.\n\nIt was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode (CVE-2014-8583).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0323.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0513.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-mod_wsgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"apache-mod_wsgi-3.5-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T06:34:17", "bulletinFamily": "scanner", "description": "According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "EULEROS_SA-2019-2711.NASL", "href": "https://www.tenable.com/plugins/nessus/132378", "published": "2019-12-23T00:00:00", "title": "EulerOS 2.0 SP5 : mod_wsgi (EulerOS-SA-2019-2711)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132378);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\n \"CVE-2014-8583\"\n );\n script_bugtraq_id(\n 68111\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : mod_wsgi (EulerOS-SA-2019-2711)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2711\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d05a674\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mod_wsgi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"mod_wsgi-3.4-12.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T07:55:40", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-201612-49\n(mod_wsgi: Privilege escalation)\n\n mod_wsgi, when creating a daemon process group, does not properly handle\n dropping group privileges.\n \nImpact :\n\n Context-dependent attackers could escalate privileges due to the\n improper handling of group privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2020-02-02T00:00:00", "id": "GENTOO_GLSA-201612-49.NASL", "href": "https://www.tenable.com/plugins/nessus/96224", "published": "2017-01-03T00:00:00", "title": "GLSA-201612-49 : mod_wsgi: Privilege escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201612-49.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96224);\n script_version(\"$Revision: 3.1 $\");\n script_cvs_date(\"$Date: 2017/01/03 14:55:09 $\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_xref(name:\"GLSA\", value:\"201612-49\");\n\n script_name(english:\"GLSA-201612-49 : mod_wsgi: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201612-49\n(mod_wsgi: Privilege escalation)\n\n mod_wsgi, when creating a daemon process group, does not properly handle\n dropping group privileges.\n \nImpact :\n\n Context-dependent attackers could escalate privileges due to the\n improper handling of group privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201612-49\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All mod_wsgi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apache/mod_wsgi-4.3.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apache/mod_wsgi\", unaffected:make_list(\"ge 4.3.0\"), vulnerable:make_list(\"lt 4.3.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T06:42:35", "bulletinFamily": "scanner", "description": "Failure to handle errors when attempting to drop group privileges\n\nmod_wsgi before 4.2.4 for Apache, when creating a daemon process\ngroup, does not properly handle when group privileges cannot be\ndropped, which might allow attackers to gain privileges via\nunspecified vectors. (CVE-2014-8583)", "modified": "2020-02-02T00:00:00", "id": "ALA_ALAS-2018-987.NASL", "href": "https://www.tenable.com/plugins/nessus/109369", "published": "2018-04-27T00:00:00", "title": "Amazon Linux AMI : mod24_wsgi (ALAS-2018-987)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-987.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109369);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/27 12:18:29\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_xref(name:\"ALAS\", value:\"2018-987\");\n\n script_name(english:\"Amazon Linux AMI : mod24_wsgi (ALAS-2018-987)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Failure to handle errors when attempting to drop group privileges\n\nmod_wsgi before 4.2.4 for Apache, when creating a daemon process\ngroup, does not properly handle when group privileges cannot be\ndropped, which might allow attackers to gain privileges via\nunspecified vectors. (CVE-2014-8583)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-987.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod24_wsgi' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-python26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-python27\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-python34\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-python35\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-python36\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-debuginfo-3.5-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-python26-3.5-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-python27-3.5-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-python34-3.5-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-python35-3.5-1.25.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-python36-3.5-1.25.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod24_wsgi-debuginfo / mod24_wsgi-python26 / mod24_wsgi-python27 / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:45:24", "bulletinFamily": "scanner", "description": "According to the web server banner, the version of mod_wsgi running on\nthe remote host is prior to version 4.2.4. It is, therefore, affected\nby a privilege escalation vulnerability.\n\nThe issue is triggered when attempting to drop group privileges and an\nerror with ", "modified": "2020-02-02T00:00:00", "id": "MOD_WSGI_4_2_4.NASL", "href": "https://www.tenable.com/plugins/nessus/76498", "published": "2014-07-14T00:00:00", "title": "Apache mod_wsgi < 4.2.4 Privilege Dropping Privilege Escalation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(76498);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/26\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_bugtraq_id(68111);\n\n script_name(english:\"Apache mod_wsgi < 4.2.4 Privilege Dropping Privilege Escalation\");\n script_summary(english:\"Checks the version of mod_wsgi in the Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server module is affected by a privilege escalation\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the web server banner, the version of mod_wsgi running on\nthe remote host is prior to version 4.2.4. It is, therefore, affected\nby a privilege escalation vulnerability.\n\nThe issue is triggered when attempting to drop group privileges and an\nerror with 'setgid', 'setgroups', and 'initgroups' occurs. The error\nis reported, but mod_wsgi continues to run with root group privileges,\nrather than dropping privileges as intended. A local attacker could\npotentially gain escalated privileges.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e7a37c36\");\n # https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49332efe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to mod_wsgi 4.2.4 or later, or apply the patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-8583\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:modwsgi:mod_wsgi\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"apache_http_version.nasl\");\n script_require_keys(\"installed_sw/Apache\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nget_install_count(app_name:\"Apache\", exit_if_zero:TRUE);\nport = get_http_port(default:80);\ninstall = get_single_install(app_name:\"Apache\", port:port, exit_if_unknown_ver:TRUE);\n\nbackported = get_kb_item_or_exit('www/apache/'+port+'/backported', exit_code:1);\nif (report_paranoia < 2 && backported) audit(AUDIT_BACKPORT_SERVICE, port, \"Apache\");\n\nregex = \"mod_wsgi/([0-9rc.]+)\";\nmatches = pregmatch(pattern:regex, string:install[\"modules\"]);\nif (isnull(matches)) exit(0, \"The server banner from the web server listening on port \"+port+\" doesn't include the mod_wsgi version.\");\nelse version = matches[1];\n\nsuffixes = make_array(\n -2, \"rc(\\d+)\",\n -1, \"c(\\d+)\"\n);\n\nfixed = '4.2.4';\nif (ver_compare(ver:version, fix:fixed, regexes:suffixes) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Version source : ' + server_header +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_LISTEN_NOT_VULN, \"mod_wsgi\", port, version);\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T02:38:20", "bulletinFamily": "scanner", "description": "It was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "UBUNTU_USN-2431-1.NASL", "href": "https://www.tenable.com/plugins/nessus/79717", "published": "2014-12-04T00:00:00", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mod-wsgi vulnerability (USN-2431-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2431-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(79717);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:31\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_bugtraq_id(68111);\n script_xref(name:\"USN\", value:\"2431-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mod-wsgi vulnerability (USN-2431-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2431-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libapache2-mod-wsgi and / or\nlibapache2-mod-wsgi-py3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi-py3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.3-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.3-4ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.4-4ubuntu2.1.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.4-4ubuntu2.1.14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.5-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.5-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-wsgi / libapache2-mod-wsgi-py3\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T00:45:08", "bulletinFamily": "scanner", "description": "Updated apache-mod_wsgi package fixes security vulnerability :\n\nIt was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode (CVE-2014-8583).", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2014-253.NASL", "href": "https://www.tenable.com/plugins/nessus/80042", "published": "2014-12-16T00:00:00", "title": "Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:253. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80042);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/08/02 13:32:56\");\n\n script_cve_id(\"CVE-2014-8583\");\n script_bugtraq_id(68111);\n script_xref(name:\"MDVSA\", value:\"2014:253\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated apache-mod_wsgi package fixes security vulnerability :\n\nIt was discovered that mod_wsgi incorrectly handled errors when\nsetting up the working directory and group access rights. A malicious\napplication could possibly use this issue to cause a local privilege\nescalation when using daemon mode (CVE-2014-8583).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0513.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache-mod_wsgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"apache-mod_wsgi-3.5-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-01T06:33:11", "bulletinFamily": "scanner", "description": "According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "EULEROS_SA-2019-2367.NASL", "href": "https://www.tenable.com/plugins/nessus/131859", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : mod_wsgi (EulerOS-SA-2019-2367)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131859);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-8583\"\n );\n script_bugtraq_id(\n 68111\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : mod_wsgi (EulerOS-SA-2019-2367)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the mod_wsgi package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - mod_wsgi before 4.2.4 for Apache, when creating a\n daemon process group, does not properly handle when\n group privileges cannot be dropped, which might allow\n attackers to gain privileges via unspecified\n vectors.(CVE-2014-8583)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2367\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?945eafb7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mod_wsgi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"mod_wsgi-3.4-12.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2019-05-29T19:21:15", "bulletinFamily": "unix", "description": "It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.", "modified": "2014-12-03T00:00:00", "published": "2014-12-03T00:00:00", "id": "USN-2431-1", "href": "https://usn.ubuntu.com/2431-1/", "title": "mod_wsgi vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:38:59", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192711", "title": "Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2711)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2711\");\n script_version(\"2020-01-23T13:15:11+0000\");\n script_cve_id(\"CVE-2014-8583\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:15:11 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:15:11 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2711)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2711\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2711\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mod_wsgi' package(s) announced via the EulerOS-SA-2019-2711 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583)\");\n\n script_tag(name:\"affected\", value:\"'mod_wsgi' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.4~12.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192633", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192633", "title": "Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2633)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2633\");\n script_version(\"2020-01-23T13:10:23+0000\");\n script_cve_id(\"CVE-2014-8583\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:10:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:10:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2633)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2633\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2633\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mod_wsgi' package(s) announced via the EulerOS-SA-2019-2633 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583)\");\n\n script_tag(name:\"affected\", value:\"'mod_wsgi' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.4~12.h1\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192367", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192367", "title": "Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2367)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2367\");\n script_version(\"2020-01-23T12:51:28+0000\");\n script_cve_id(\"CVE-2014-8583\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:51:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:51:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for mod_wsgi (EulerOS-SA-2019-2367)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2367\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2367\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'mod_wsgi' package(s) announced via the EulerOS-SA-2019-2367 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583)\");\n\n script_tag(name:\"affected\", value:\"'mod_wsgi' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.4~12.h1\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-12-30T02:13:08", "bulletinFamily": "unix", "description": "### Background\n\nmod_wsgi is an Apache2 module for running Python WSGI applications.\n\n### Description\n\nmod_wsgi, when creating a daemon process group, does not properly handle dropping group privileges. \n\n### Impact\n\nContext-dependent attackers could escalate privileges due to the improper handling of group privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mod_wsgi users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apache/mod_wsgi-4.3.0\"", "modified": "2016-12-30T00:00:00", "published": "2016-12-30T00:00:00", "id": "GLSA-201612-49", "href": "https://security.gentoo.org/glsa/201612-49", "type": "gentoo", "title": "mod_wsgi: Privilege escalation", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2019-05-29T17:22:25", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nFailure to handle errors when attempting to drop group privileges \nmod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. ([CVE-2014-8583 __](<https://access.redhat.com/security/cve/CVE-2014-8583>))\n\n \n**Affected Packages:** \n\n\nmod24_wsgi\n\n \n**Issue Correction:** \nRun _yum update mod24_wsgi_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod24_wsgi-python35-3.5-1.25.amzn1.i686 \n mod24_wsgi-python26-3.5-1.25.amzn1.i686 \n mod24_wsgi-python27-3.5-1.25.amzn1.i686 \n mod24_wsgi-python36-3.5-1.25.amzn1.i686 \n mod24_wsgi-debuginfo-3.5-1.25.amzn1.i686 \n mod24_wsgi-python34-3.5-1.25.amzn1.i686 \n \n src: \n mod24_wsgi-3.5-1.25.amzn1.src \n \n x86_64: \n mod24_wsgi-python35-3.5-1.25.amzn1.x86_64 \n mod24_wsgi-python36-3.5-1.25.amzn1.x86_64 \n mod24_wsgi-debuginfo-3.5-1.25.amzn1.x86_64 \n mod24_wsgi-python26-3.5-1.25.amzn1.x86_64 \n mod24_wsgi-python27-3.5-1.25.amzn1.x86_64 \n mod24_wsgi-python34-3.5-1.25.amzn1.x86_64 \n \n \n", "modified": "2018-04-26T21:47:00", "published": "2018-04-26T21:47:00", "id": "ALAS-2018-987", "href": "https://alas.aws.amazon.com/ALAS-2018-987.html", "title": "Medium: mod24_wsgi", "type": "amazon", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}