[Python-modules-team] Bug#748910: CVE-2014-0240: Possibility of local privilege escalation when using daemon mode

Eric Sesterhenn eric.sesterhenn at lsexperts.de
Thu May 22 07:57:53 UTC 2014


Package: libapache2-mod-wsgi
Version: 3.3-4
Severity: critical
Tags: security
Justification: root security hole

Dear Maintainer,

as far as I can tell, CVE-2014-0240 affects the stable package of
mod-wsgi. The patch provided by the mod-wsgi team applies with fuzzing
to the source shipped by Debian. If a kernel >= 2.6.0 and < 3.1.0 is
installed, this issue might allow local privilege escalation.



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Registered office: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Managing directors: Oliver Michel, Sven Walther
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mod_wsgi.diff
Type: text/x-patch
Size: 1072 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20140522/29ef9ac2/attachment-0002.bin>