Bugzilla – Bug 878550
VUL-0: CVE-2014-0240: apache2-mod_wsgi - Local privilege escalation.
Last modified: 2016-11-18 15:16:41 UTC
EMBARGOED, via vs: Could I request a CVE ID for a local privilege escalation in mod_wsgi. The mod_wsgi package is an Apache module for hosting Python web applications. * http://www.modwsgi.org/ The issue is believed to affect Linux systems running kernel versions >= 2.6.0 and < 3.1.0. The issue affects all versions of mod_wsgi up to and including version 3.4. A fix will be released in version 3.5 of mod_wsgi. The source of the issue derives from mod_wsgi not correctly handling Linux specific error codes from setuid(), which are not covered by the Open Group UNIX specification for setuid(). * http://man7.org/linux/man-pages/man2/setuid.2.html * http://pubs.opengroup.org/onlinepubs/009695399/functions/setuid.html This difference in behaviour between Linux and the UNIX specification was believed to have been removed in version 3.1.0 of the Linux kernel. * https://groups.google.com/forum/?fromgroups=#!topic/linux.kernel/u6cKf4D1D-k The issue would allow a user, where Apache is initially being started as the root user and where running code under mod_wsgi daemon mode, to manipulate the number of processes run by that user to affect the outcome of setuid() when daemon mode processes are forked and so gain escalated privileges for the users code. For backporting to older distro versions of mod_wsgi, the patch for the issue can be viewed at: * https://dl.dropboxusercontent.com/u/22571016/mod_wsgi-setuid-patch.diff The patch is generated relative to: * https://github.com/GrahamDumpleton/mod_wsgi/blob/e2ccb28ffa486a48bf7dce72f958e111cf0e9fd9/mod_wsgi.c Thanks.
MaintenanceTracker-57475
Issue just gone public: http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
Packages submitted for openSUSE as maintenance request 235289
This is an autogenerated message for OBS integration: This bug (878550) was mentioned in https://build.opensuse.org/request/show/235289 13.1+12.3 / apache2-mod_wsgi
For 13.1 there seems to be a build error due to missing dependecy: https://build.opensuse.org/package/live_build_log/openSUSE:Maintenance:2845/apache2-mod_wsgi.openSUSE_12.3_Update/openSUSE_13.1_Update/x86_64
This is an autogenerated message for OBS integration: This bug (878550) was mentioned in https://build.opensuse.org/request/show/235854 Factory / apache2-mod_wsgi
openSUSE-SU-2014:0782-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 878550,878553 CVE References: CVE-2014-0240,CVE-2014-0242 Sources used: openSUSE 13.1 (src): apache2-mod_wsgi-3.4-2.8.1 openSUSE 12.3 (src): apache2-mod_wsgi-3.3-12.4.1, apache2-mod_wsgi-3.4-2.8.1
Update released for: apache2-mod_wsgi Products: SUSE-CLOUD 3.0 (x86_64)
SUSE-SU-2014:0794-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 878550,878553 CVE References: CVE-2014-0240,CVE-2014-0242 Sources used: SUSE Cloud 3 (src): apache2-mod_wsgi-3.3-5.5.1
This is an autogenerated message for OBS integration: This bug (878550) was mentioned in https://build.opensuse.org/request/show/240300 Factory / apache2-mod_wsgi
Update released for: apache2-mod_wsgi, apache2-mod_wsgi-debuginfo, apache2-mod_wsgi-debugsource Products: SUSE-MANAGER 1.7 (x86_64) SUSE-MANAGER-PROXY 1.7 (x86_64)
SUSE-SU-2014:0794-2: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 878550,878553 CVE References: CVE-2014-0240,CVE-2014-0242 Sources used: SUSE Manager Proxy 1.7 for SLE 11 SP2 (src): apache2-mod_wsgi-3.3-5.5.1 SUSE Manager 1.7 for SLE 11 SP2 (src): apache2-mod_wsgi-3.3-5.5.1
SUSE-SU-2014:0956-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 878550,878553 CVE References: CVE-2014-0240 Sources used: SUSE Manager Server (src): apache2-mod_wsgi-3.3-5.5.5 SUSE Manager Proxy (src): apache2-mod_wsgi-3.3-5.5.5
released
SUSE-RU-2015:0611-1: An update that solves 8 vulnerabilities and has 123 fixes is now available. Category: recommended (important) Bug References: 653265,767279,808947,841731,855389,858971,860299,862408,867836,870159,872029,872298,872351,875231,875452,878550,878553,879904,879992,879998,880001,880022,880026,880027,880081,880087,880327,880388,880936,881111,881225,881522,881711,882468,883009,883057,883379,883487,884051,884081,884350,884366,885889,886391,886421,887538,887879,889363,889605,889721,889739,889905,892707,892711,893608,895001,895961,896029,896109,896238,896244,896254,896844,897723,898242,898426,898428,899266,900956,901058,901108,901193,901675,901776,901927,901928,901958,902182,902373,902494,902503,902915,903064,903720,903723,903880,903961,904690,904699,904703,904732,904841,904959,905072,905263,905530,906850,906851,906887,907086,907106,907337,907527,907586,907643,907645,907646,907677,907809,908317,908320,908849,909724,910243,910482,910494,911166,911180,911272,911808,912035,912057,912886,913215,913221,913939,914260,914437,914900,915140,919448 CVE References: CVE-2014-0114,CVE-2014-0240,CVE-2014-0242,CVE-2014-3654,CVE-2014-7811,CVE-2014-7812,CVE-2014-8583,CVE-2014-9130 Sources used: SUSE Manager Server (src): apache2-mod_wsgi-3.3-5.7.17, auditlog-keeper-0.2.3+git.1417708457.eabd1a9-0.7.58, cobbler-2.2.2-0.54.9, google-gson-2.2.4-0.7.52, libyaml-0.1.3-0.10.16.11, oracle-config-1.1-0.10.10.16, osad-5.11.33.7-0.7.16, perl-Class-Singleton-1.4-4.13.38, perl-NOCpulse-Object-1.26.13.2-0.7.13, perl-Satcon-1.20.2-0.7.6, postgresql91-9.1.15-0.3.1, pxe-default-image-0.1-0.20.56, python-enum34-1.0-0.7.33, python-gzipstream-1.10.2.2-0.7.6, rhn-custom-info-5.4.22.6-0.7.13, rhnlib-2.5.69.6-0.7.6, rhnmd-5.3.18.4-0.7.15, rhnpush-5.5.71.7-0.7.16, sm-ncc-sync-data-2.1.9-0.7.6, smdba-1.5.1-0.7.6, spacecmd-2.1.25.7-0.7.9, spacewalk-admin-2.1.2.4-0.7.6, spacewalk-backend-2.1.55.15-0.7.11, spacewalk-branding-2.1.33.10-0.7.16, spacewalk-certs-tools-2.1.6.5-0.7.10, spacewalk-client-tools-2.1.16.6-0.7.9, spacewalk-config-2.1.5.4-0.7.15, spacewalk-doc-indexes-2.1.2.3-0.7.26, spacewalk-java-2.1.165.14-0.7.16, spacewalk-reports-2.1.14.8-0.7.10, spacewalk-search-2.1.14.6-0.7.18, spacewalk-setup-2.1.14.9-0.7.6, spacewalk-setup-jabberd-2.1.0.2-0.7.6, spacewalk-utils-2.1.27.12-0.7.25, spacewalk-web-2.1.60.12-0.7.7, spacewalksd-5.0.14.6-0.7.15, struts-1.2.9-162.33.22, supportutils-plugin-susemanager-1.0.3-0.5.5, supportutils-plugin-susemanager-client-1.0.4-0.5.5, suseRegisterInfo-2.1.9-0.7.29, susemanager-2.1.17-0.7.11, susemanager-jsp_en-2.1-0.15.23, susemanager-manuals_en-2.1-0.15.24, susemanager-schema-2.1.50.11-0.7.8, susemanager-sync-data-2.1.5-0.7.6, tanukiwrapper-3.2.3-0.10.12, yum-3.2.29-0.19.30, zypp-plugin-spacewalk-0.9.8-0.15.51
openSUSE-OU-2016:2222-1: An update that solves one vulnerability and has 7 fixes is now available. Category: optional (low) Bug References: 441794,673937,760344,878550,883229,904409,915666,939717 CVE References: CVE-2014-0240 Sources used: SUSE Package Hub for SUSE Linux Enterprise 12 (src): apache-rpm-macros-20150717-3.1, apache2-mod_wsgi-4.4.8-3.1, python-Flask-0.10.1-3.1, python-Pygments-1.6-3.1, python-Sphinx-1.2b3-3.1, python-Werkzeug-0.10.4-3.1, python-itsdangerous-0.24-3.1, python-nose-1.3.6-3.1