CVE-2011-1176

Name of the Vulnerable Software and Affected Versions mpm-itk Multi-Processing Module versions 2.2.11-01 through 2.2.11-02

Description The configuration merger in itk.c does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Recommendations For versions 2.2.11-01 and 2.2.11-02, consider updating to a version where this issue is fixed, as the current versions do not properly handle certain configuration sections. At the moment, there is no information about a newer version that contains a fix for this vulnerability.