oss-sec mailing list archives
Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 21 Sep 2012 12:12:12 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/21/2012 07:38 AM, Henri Salo wrote:
Hello, Please assign 2012 CVE-identifier for following monkey vulnerability: The Monkey webserver retains RUID/RGID root so that it can regain root as needed to perform privileged operations. Unfortunately, monkey does not drop RUID/RGID root before executing CGI scripts. This allows any user with write access to a cgi-bin directory to gain local root. It would also allow a remote attacker to do the same in combination with a CGI/PHP script that has any remote code execution bug. Reported by John Lightsey in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008 Affected Debian-version is 0.9.3-1 (haven't tested upstream package) Project page: http://www.monkey-project.com/ - Henri Salo
Please use CVE-2012-4443 for this issue - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQXK38AAoJEBYNRVNeJnmTf8sP/2QWmTgCNtJMrs/iKqp/mOGx dGP0z+bu1ZcdrHR97B2gYy0z9wguyOx5R+pDEyd6IFPe8PCIbJLA5SGgx9aHMi31 Q0njfagpqtwQugDxvP/yTqBfdp8QhUoExiYsry3lhu2Dg/7uN2hpex1tBY+sx6GY qziqb+NGoKezMmcMO4C3mbh0wtGRXVWDOs73UCP208/RTO5GOczgDHKiIXViSpDf hpM2am1n/JXasUYzz3J/cyibHg3PPmOZk9eMd6N+Wy1rmPekl9Wy/QHsXsmUv2lm 1bdfhtHhWx9iAwUOjZrb1NnnWItltoaH8L+gUX/Cr4TFjNB1nizAD79jUL4DRSft jDkWBR0oeqQdPPYjWdjT97gbf8+LjyloQUqbTIrqN5j2sTsu+JtWD3jSMrUn10C/ SyDFITk+JLWP7D2dWYILGUMioN6TB7TVaIIY0M1z6K/99No6ztPFAOf/RlQLRD44 qomwr1mRE2hYlzLNGTikBecGt20vnBDmGj1LO/S39M9YhF82lqaOuuv1T/+7A2pC AxQVlckGhOCtMpKniaC61wllYdrhEhXWANogm4AA4/VAz/YdRUUgFPYXLAcxVaX5 t3FfzNNeo2fQ42/kO4HbcpjH+F4IQSKF0dTkUOnju8KyR7/vMSxeWHXW6kWiY/Qp v68A5rKh4uwoarc+ZEbQ =m1pI -----END PGP SIGNATURE-----
Current thread:
- CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Henri Salo (Sep 21)
- Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Kurt Seifried (Sep 21)