Vulnerability Description
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Modwsgi | Mod Wsgi | <= 3.4 |
Related Weaknesses (CWE)
References
- http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
- http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html
- http://rhn.redhat.com/errata/RHSA-2014-0789.html
- http://secunia.com/advisories/59551
- http://secunia.com/advisories/60094
- http://www.openwall.com/lists/oss-security/2014/05/21/1
- http://www.securityfocus.com/bid/67532
- http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
- http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.html
- http://rhn.redhat.com/errata/RHSA-2014-0789.html
- http://secunia.com/advisories/59551
- http://secunia.com/advisories/60094
- http://www.openwall.com/lists/oss-security/2014/05/21/1
- http://www.securityfocus.com/bid/67532
FAQ
What is CVE-2014-0240?
CVE-2014-0240 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain priv...
How severe is CVE-2014-0240?
CVE-2014-0240 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0240?
Check the references section above for vendor advisories and patch information. Affected products include: Modwsgi Mod Wsgi.