Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/21/2012 07:38 AM, Henri Salo wrote:
> Hello,
>
> Please assign 2012 CVE-identifier for following monkey
> vulnerability:
>
> The Monkey webserver retains RUID/RGID root so that it can regain
> root as needed to perform privileged operations. Unfortunately,
> monkey does not drop RUID/RGID root before executing CGI scripts.
> This allows any user with write access to a cgi-bin directory to
> gain local root. It would also allow a remote attacker to do the
> same in combination with a CGI/PHP script that has any remote code
> execution bug.
>
> Reported by John Lightsey in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008 Affected
> Debian-version is 0.9.3-1 (haven't tested upstream package) Project
> page: http://www.monkey-project.com/
>
> - Henri Salo

Please use CVE-2012-4443 for this issue

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQXK38AAoJEBYNRVNeJnmTf8sP/2QWmTgCNtJMrs/iKqp/mOGx
dGP0z+bu1ZcdrHR97B2gYy0z9wguyOx5R+pDEyd6IFPe8PCIbJLA5SGgx9aHMi31
Q0njfagpqtwQugDxvP/yTqBfdp8QhUoExiYsry3lhu2Dg/7uN2hpex1tBY+sx6GY
qziqb+NGoKezMmcMO4C3mbh0wtGRXVWDOs73UCP208/RTO5GOczgDHKiIXViSpDf
hpM2am1n/JXasUYzz3J/cyibHg3PPmOZk9eMd6N+Wy1rmPekl9Wy/QHsXsmUv2lm
1bdfhtHhWx9iAwUOjZrb1NnnWItltoaH8L+gUX/Cr4TFjNB1nizAD79jUL4DRSft
jDkWBR0oeqQdPPYjWdjT97gbf8+LjyloQUqbTIrqN5j2sTsu+JtWD3jSMrUn10C/
SyDFITk+JLWP7D2dWYILGUMioN6TB7TVaIIY0M1z6K/99No6ztPFAOf/RlQLRD44
qomwr1mRE2hYlzLNGTikBecGt20vnBDmGj1LO/S39M9YhF82lqaOuuv1T/+7A2pC
AxQVlckGhOCtMpKniaC61wllYdrhEhXWANogm4AA4/VAz/YdRUUgFPYXLAcxVaX5
t3FfzNNeo2fQ42/kO4HbcpjH+F4IQSKF0dTkUOnju8KyR7/vMSxeWHXW6kWiY/Qp
v68A5rKh4uwoarc+ZEbQ
=m1pI
-----END PGP SIGNATURE-----