PT-2014-3551 · Linux+5 · Linux+5

Published

2014-05-23

Updated

2017-12-21

CVE-2014-0240

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions mod wsgi versions prior to 3.5

Description The issue arises when the mod wsgi module for Apache is run in daemon mode on certain Linux kernels. It fails to properly handle error codes returned by setuid, allowing local users to gain privileges through vectors related to the number of running processes.

Recommendations For mod wsgi versions prior to 3.5, update to version 3.5 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1386

CESA-2014_0788

CESA-2014_1091

CVE-2014-0240

DSA-2937-1

OPENSUSE-SU-2024:10457-1

RHSA-2014:0788

RHSA-2014:0789

RHSA-2014:1091

RHSA-2014_0788

RHSA-2014_1091

SUSE-RU-2015:0611-1

USN-2222-1

Affected Products

Alt Linux

Centos

Linux

Red Hat

Ubuntu

Mod Wsgi

PT-2014-3551 · Linux+5 · Linux+5

CVE-2014-0240

Weakness Enumeration

Related Identifiers

Affected Products

References · 39