Re: CVE request: mod_ruid2 before 0.9.8

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/22/2013 02:46 PM, John Lightsey wrote:
> On 03/22/2013 03:36 PM, Kurt Seifried wrote:
> > On 03/22/2013 09:08 AM, John Lightsey wrote:
>
> > > In versions of mod_ruid2 before 0.9.8, the filedescriptor used
> > > to break out of the chroot is inherited by all Apache
> > > subprocesses. This allows CGI scripts to also to break out of
> > > the chroot by performing a fchdir() across the inherited file
> > > descriptor.
> >
> >
> > > http://sourceforge.net/mailarchive/forum.php?thread_name=514C503E.4020109%40users.sourceforge.net&forum_name=mod-ruid-announce
> >
> >
> > >
Can
> > you provide a link to the source code fix? thanks.
>
> https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
>
>  The key part of the fix is the block at line 366:
>
> } else if (fcntl(root_handle, F_SETFD, FD_CLOEXEC) < 0) { ...

Please use CVE-2013-1889  for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRTQs5AAoJEBYNRVNeJnmTG+MP/A4hqaWgx8sgkUKqHvW++fM6
g0fcssim88qbs832NflSmY4E0+UrIryvvJvXJJCcMabulFj8zpsYKa/eMqUNq/hp
hda6byGQlH8hFK7ykgzBiUOsTG9oBkGG3VYyirxB2iRlCuvTIRLwU04iR8EYo4iF
2jw3PrUfY8bWRW0xGStZc6xhhZmL3DizePrywcm4LAYnM+LJTysZFJYT/dPMvBWZ
zQphenEXH7UtJpDiB32BcoQzhwYhZiyp+lpfTCLh6noqDqLSTJ3Nd1Yz6bxTnNl7
8gWVrIjfs4qcxdWU4wVxMBGE0oWLv7x2ZfOQpcPDEOGxqCLuY9khh/0n/gGARz3S
DmJEmJ6ZI811/2mHPHWDVLuodfeLtTUdbHWfI0tirnWS398C9yjZtU4EPfL4sgqc
etttqxCaAeRmEKmi2VqBAB4/kB4TzImkLx3ecwpMPJs77hHXDoxdCuYWhMw3mACg
FDFaXvNPAgKdoX8feKYkgTeFPdzMYvQZLbRVpgvd0B9Ox3KsmfQUHeVynFWYTXZp
Mmhhidk774GEynFZRPl/2YNmnHv9hvtBf0fy1jRBQ3D9Y04wHNMbPNpigkfSr+p6
S8828q6100T0g3kX0xTpeLowtwieaYUZgqUaif0EEDS/8pnDg8LXZN7Oe6MNXt86
V5W4lUEaHZW+xtm5dHbc
=ROLP
-----END PGP SIGNATURE-----