Bug#644169: libapache2-mod-perl2: PerlOptions -Sections not permitted in server config, but should be

Dominic Hargreaves dom at earth.li
Wed Nov 14 09:25:58 GMT 2018


On Sun, Aug 26, 2018 at 04:26:09PM +0200, Salvatore Bonaccorso wrote:
> Hi
> 
> Back in 2011 after this bug was reported, for the security implication
> mentioned, CVE-2011-2767 was assigned. mod_perl checks .htaccess files
> for <Perl> sections, and users allowed to write to .htaccess files can
> run code as the user running the web server, leading to privilege
> escalation.
> 
> This can be demonstrated in situations where both mod_perl and userdir
> support would be enabled, or other setups potentially leading to full
> root privilege escalation.
> 
> Jan, want to outline your finding in more detail? I just have
> submitted the CVE itself to MITRE, as it was back then assigned from
> the Debian pool.

This was apparently already fixed in jessie (LTS) - I've now updated the
bug metadata and I'll look at applying the fix in unstable and stable.

Dominic.
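
An audit sketch for the condition described in the quoted message, added here as an example (it is not code from this thread, the Debian package or mod_perl): it walks a directory tree and reports `.htaccess` files that open a `<Perl>` section, with the file owner's uid. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Apache directive names are case-insensitive; match "<Perl>" or "<Perl args>",
# but not "</Perl>" or other directives that merely start with "Perl".
PERL_OPEN = re.compile(r"^\s*<perl(\s[^>]*)?>", re.IGNORECASE)

def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start is not None:
        yield start, buf

def perl_sections(text):
    """Return line numbers where a <Perl> section opens, skipping comment lines."""
    return [no for no, line in logical_lines(text)
            if not line.lstrip().startswith("#") and PERL_OPEN.match(line)]

def audit(root, name=".htaccess"):
    """Return [(path, owner_uid, [line_nos])] for files under root with <Perl> sections."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            with open(path, errors="replace") as fh:
                hits = perl_sections(fh.read())
            if hits:
                findings.append((path, os.stat(path).st_uid, hits))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree, not taken from the bug report.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "alice", "public_html"))
        with open(os.path.join(root, "alice", "public_html", ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n# <Perl>\n<Perl>\nprint 1;\n</Perl>\n")
        for path, uid, lines in audit(root):
            print(f"{path}: <Perl> section at line(s) {lines}, owner uid {uid}")
```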