Message-ID: <20120921133830.GA26867@kludge.henri.nerv.fi>
Date: Fri, 21 Sep 2012 16:38:30 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: monkey CGI scripts executed without dropping
 RUID/RGID root

Hello,

Please assign a 2012 CVE identifier for the following monkey vulnerability:

The Monkey webserver retains RUID/RGID root so that it can regain root as
needed to perform privileged operations. Unfortunately, monkey does not drop
RUID/RGID root before executing CGI scripts. This allows any user with write
access to a cgi-bin directory to gain local root. It would also allow a remote
attacker to do the same in combination with a CGI/PHP script that has any
remote code execution bug.

Reported by John Lightsey in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008
The affected Debian version is 0.9.3-1 (I haven't tested the upstream package)
Project page: http://www.monkey-project.com/

- Henri Salo
