oss-sec mailing list archives
CVE-request: monkey CGI scripts executed without dropping RUID/RGID root
From: Henri Salo <henri () nerv fi>
Date: Fri, 21 Sep 2012 16:38:30 +0300
Hello, Please assign 2012 CVE-identifier for following monkey vulnerability: The Monkey webserver retains RUID/RGID root so that it can regain root as needed to perform privileged operations. Unfortunately, monkey does not drop RUID/RGID root before executing CGI scripts. This allows any user with write access to a cgi-bin directory to gain local root. It would also allow a remote attacker to do the same in combination with a CGI/PHP script that has any remote code execution bug. Reported by John Lightsey in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008 Affected Debian-version is 0.9.3-1 (haven't tested upstream package) Project page: http://www.monkey-project.com/ - Henri Salo
Current thread:
- CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Henri Salo (Sep 21)
- Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root Kurt Seifried (Sep 21)