CentOS Local Security Checks : CentOS Update for mod

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882016

Categoría: CentOS Local Security Checks

Título: CentOS Update for mod_wsgi CESA-2014:1091 centos7

Resumen: The remote host is missing an update for the 'mod_wsgi'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'mod_wsgi'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The mod_wsgi adapter is an Apache module
that provides a WSGI-compliant interface for hosting Python-based web
applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Rbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Affected Software/OS:
mod_wsgi on CentOS 7

Solution:
Please install the updated packages.

CVSS Score:
6.2

CVSS Vector:
AV:L/AC:H/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0240
BugTraq ID: 67532
http://www.securityfocus.com/bid/67532
http://www.openwall.com/lists/oss-security/2014/05/21/1
RedHat Security Advisories: RHSA-2014:0789
http://rhn.redhat.com/errata/RHSA-2014-0789.html
http://secunia.com/advisories/59551
http://secunia.com/advisories/60094

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882016
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for mod_wsgi CESA-2014:1091 centos7
Resumen:	The remote host is missing an update for the 'mod_wsgi'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'mod_wsgi' package(s) announced via the referenced advisory. Vulnerability Insight: The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. (CVE-2014-0240) Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation. Red Hat would like to thank Graham Dumpleton for reporting this issue. Upstream acknowledges Rbert Kisteleki as the original reporter. All mod_wsgi users are advised to upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: mod_wsgi on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0240 BugTraq ID: 67532 http://www.securityfocus.com/bid/67532 http://www.openwall.com/lists/oss-security/2014/05/21/1 RedHat Security Advisories: RHSA-2014:0789 http://rhn.redhat.com/errata/RHSA-2014-0789.html http://secunia.com/advisories/59551 http://secunia.com/advisories/60094
Copyright	Copyright (C) 2014 Greenbone AG