
Test ID: 1.3.6.1.4.1.25623.1.0.882016
Category: CentOS Local Security Checks
Title: CentOS Update for mod_wsgi CESA-2014:1091 centos7
Summary: The remote host is missing an update for the 'mod_wsgi' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'mod_wsgi'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The mod_wsgi adapter is an Apache module
that provides a WSGI-compliant interface for hosting Python-based web
applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Róbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
mod_wsgi on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2014-0240
BugTraq ID: 67532
http://www.securityfocus.com/bid/67532
http://www.openwall.com/lists/oss-security/2014/05/21/1
RedHat Security Advisories: RHSA-2014:0789
http://rhn.redhat.com/errata/RHSA-2014-0789.html
http://secunia.com/advisories/59551
http://secunia.com/advisories/60094
Copyright: Copyright (C) 2014 Greenbone AG
