CVE-2014-0240
published 2014-05-27CVE-2014-0240: The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux…
PriorityP420medium6.2CVSS 2.0
AVLACHAuNCCICAC
EPSS
0.41%
32.9th percentile
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mod-wsgi | < mod-wsgi 3.5-1 (bookworm) | mod-wsgi 3.5-1 (bookworm) |
| modwsgi | mod_wsgi | <= 3.4 | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
| modwsgi | mod_wsgi | — | — |
CVSS provenance
nvdv2.06.2MEDIUMAV:L/AC:H/Au:N/C:C/I:C/A:C
osv6.2MEDIUM
vendor_debian6.2MEDIUM
vendor_redhat6.2MEDIUM
vendor_ubuntu6.2MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p3r2-mvh7-9pcc: The mod_wsgi module before 3
ghsa_unreviewed·2022-05-17
CVE-2014-0240 [MEDIUM] GHSA-p3r2-mvh7-9pcc: The mod_wsgi module before 3
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
OSV
CVE-2014-0240: The mod_wsgi module before 3
osv·2014-05-27·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240: The mod_wsgi module before 3
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
OSV
mod-wsgi vulnerabilities
osv·2014-05-26·CVSS 6.2
CVE-2014-0240 [MEDIUM] mod-wsgi vulnerabilities
mod-wsgi vulnerabilities
Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return
values. A malicious application could use this issue to cause a local
privilege escalation when using daemon mode. (CVE-2014-0240)
Buck Golemon discovered that mod_wsgi used memory that had been freed.
A remote attacker could use this issue to read process memory via the
Content-Type response header. This issue only affected Ubuntu 12.04 LTS.
(CVE-2014-0242)
Ubuntu
mod_wsgi vulnerabilities
vendor_ubuntu·2014-05-26·CVSS 6.2
CVE-2014-0240 [MEDIUM] mod_wsgi vulnerabilities
Title: mod_wsgi vulnerabilities
Summary: mod_wsgi could be made to run programs as an administrator if it executes
a specially crafted file.
mod_wsgi could be made to expose sensitive information over the network.
Róbert Kisteleki discovered mod_wsgi incorrectly checked setuid return
values. A malicious application could use this issue to cause a local
privilege escalation when using daemon mode. (CVE-2014-0240)
Buck Golemon discovered that mod_wsgi used memory that had been freed.
A remote attacker could use this issue to read process memory via the
Content-Type response header. This issue only affected Ubuntu 12.04 LTS.
(CVE-2014-0242)
Instructions: After a standard system update you need to restart apache2 to make
all the necessary changes.
Red Hat
mod_wsgi: possible privilege escalation in setuid() failure scenarios
vendor_redhat·2014-05-21·CVSS 6.2
CVE-2014-0240 [MEDIUM] CWE-271 mod_wsgi: possible privilege escalation in setuid() failure scenarios
mod_wsgi: possible privilege escalation in setuid() failure scenarios
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system.
Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications shoul
Debian
CVE-2014-0240: mod-wsgi - The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not...
vendor_debian·2014·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240: mod-wsgi - The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not...
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.
Scope: local
bookworm: resolved (fixed in 3.5-1)
bullseye: resolved (fixed in 3.5-1)
forky: resolved (fixed in 3.5-1)
sid: resolved (fixed in 3.5-1)
trixie: resolved (fixed in 3.5-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
bugzilla·2014-05-28·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 trackin
Bugzilla
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
bugzilla·2014-05-28·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
mod_wsgi allows you to host Python applications on the Apache HTTP Server. It was reported that mod_wsgi could fail to drop root privileges: if the setuid() call failed, an error was logged and mod_wsgi continued running with elevated privileges, rather than exiting.
If an administrator has configured mod_wsgi to allow less trusted users to run a WSGI application, they could use this flaw to escalate their privileges if they are able to cause the setuid() call to fail.
Note that it is not clear whether mod_wsgi was designed to be safe against local attackers, and this may be a similar situation to PHP's safe mode, https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1
This issue has been fixed in mod_wsg
Bugzilla
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [fedora-all]
bugzilla·2014-05-28·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [fedora-all]
CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issu
Bugzilla
CVE-2014-0240 python26-mod_wsgi: mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
bugzilla·2014-05-28·CVSS 6.2
CVE-2014-0240 [MEDIUM] CVE-2014-0240 python26-mod_wsgi: mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
CVE-2014-0240 python26-mod_wsgi: mod_wsgi: possible privilege escalation in setuid() failure scenarios [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when availab
http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.htmlhttp://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0789.htmlhttp://secunia.com/advisories/59551http://secunia.com/advisories/60094http://www.openwall.com/lists/oss-security/2014/05/21/1http://www.securityfocus.com/bid/67532http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.htmlhttp://modwsgi.readthedocs.org/en/latest/release-notes/version-3.5.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0789.htmlhttp://secunia.com/advisories/59551http://secunia.com/advisories/60094http://www.openwall.com/lists/oss-security/2014/05/21/1http://www.securityfocus.com/bid/67532
2014-05-27
Published