Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Published

2011-03-29T18:55:02.003

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mpm-itk_project	mpm-itk	2.2.11-01	Yes
Application	mpm-itk_project	mpm-itk	2.2.11-02	Yes
Application	apache	http_server	*	No
Operating System	debian	debian_linux	5.0	Yes
Operating System	debian	debian_linux	6.0	Yes
Operating System	debian	debian_linux	7.0	Yes

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857 Issue Tracking, Patch, Third Party Advisory ([email protected])
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html Patch, Third Party Advisory ([email protected])
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html Release Notes, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2011/03/20/1 Mailing List, Third Party Advisory ([email protected])
http://openwall.com/lists/oss-security/2011/03/21/13 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2011/dsa-2202 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:057 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/46953 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0748 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0749 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0824 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/66248 Third Party Advisory, VDB Entry ([email protected])
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.err.no/pipermail/mpm-itk/2011-March/000394.html Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/20/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openwall.com/lists/oss-security/2011/03/21/13 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2202 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:057 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/46953 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0748 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0749 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0824 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66248 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)