[Python-modules-team] Bug#748910: marked as done (CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode)

Debian Bug Tracking System Tue, 03 Jun 2014 23:52:31 -0700

Your message dated Wed, 04 Jun 2014 06:50:05 +0000
with message-id <e1ws51r-0003jz...@franck.debian.org>
and subject line Bug#748910: fixed in mod-wsgi 3.3-4+deb7u1
has caused the Debian Bug report #748910,
regarding CVE-2014-0240: Possibility of local privilege escalation when using 
daemon, mode
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
748910: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748910
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libapache2-mod-wsgi
Version: 3.3-4
Severity: critical
Tags: security
Justification: root security hole

Dear Maintainer,

as far as I can tell, CVE-2014-0240 affects the stable package of
mod-wsgi. The
patch provided by the mod-wsgi team applies wih fuzzing to the source
shipped
by debian. If a kernel >= 2.6.0 and < 3.1.0 is installed, this issue might
allow local privilege escalation



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther

commit d9d5fea585b23991f76532a9b07de7fcd3b649f4
Author: Graham Dumpleton <graham.dumple...@gmail.com>
Date:   Wed May 21 16:16:47 2014 +1000

    Local privilege escalation when using daemon mode. (CVE-2014-0240)

diff --git a/mod_wsgi.c b/mod_wsgi.c
index 32b2903..3ef911b 100644
--- a/mod_wsgi.c
+++ b/mod_wsgi.c
@@ -10756,6 +10756,19 @@ static void wsgi_setup_access(WSGIDaemonProcess *daemon)
         ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server,
                      "mod_wsgi (pid=%d): Unable to change to uid=%ld.",
                      getpid(), (long)daemon->group->uid);
+
+        /*
+         * On true UNIX systems this should always succeed at
+         * this point. With certain Linux kernel versions though
+         * we can get back EAGAIN where the target user had
+         * reached their process limit. In that case will be left
+         * running as wrong user. Just exit on all failures to be
+         * safe. Don't die immediately to avoid a fork bomb.
+         */
+
+        sleep(20);
+
+        exit(-1);
     }
 
     /*

smime.p7s
Description: S/MIME Cryptographic Signature

--- End Message ---

--- Begin Message ---

Source: mod-wsgi
Source-Version: 3.3-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
mod-wsgi, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 748...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated mod-wsgi package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 21 May 2014 22:20:57 +0200
Source: mod-wsgi
Binary: libapache2-mod-wsgi libapache2-mod-wsgi-py3
Architecture: source amd64
Version: 3.3-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Python Modules Team 
<python-modules-team@lists.alioth.debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description: 
 libapache2-mod-wsgi - Python WSGI adapter module for Apache
 libapache2-mod-wsgi-py3 - Python 3 WSGI adapter module for Apache
Closes: 748910
Changes: 
 mod-wsgi (3.3-4+deb7u1) wheezy-security; urgency=high
 .
   * Fix possibility of local privilege escalation when using daemon mode.
     (Closes: #748910)
     - CVE-2014-0240
     - debian/patches/CVE-2014-0240.patch: backport upstream commit
   * Fix possibility of disclosure via Content-Type response header.
     - CVE-2014-0242
     - debian/patches/CVE-2014-0242.patch: backport upstream commit
Checksums-Sha1: 
 7783101cfbe50a9ee53daf5c1f8bbef30d8ba60c 2112 mod-wsgi_3.3-4+deb7u1.dsc
 b3c4d968d00c1dfccaf1e2e57eae4f02e19fde3b 12925 
mod-wsgi_3.3-4+deb7u1.debian.tar.gz
 8ab5fcfc2e6dfd1b58954ebb556ca99560e341ec 135124 
libapache2-mod-wsgi_3.3-4+deb7u1_amd64.deb
 4d4bb302b2a72c2ae3e5ce9838e1864af0ef2bc9 77444 
libapache2-mod-wsgi-py3_3.3-4+deb7u1_amd64.deb
Checksums-Sha256: 
 c0811ff64a52c49928319b348de74b51b840eb5346f68858053d26492f68304e 2112 
mod-wsgi_3.3-4+deb7u1.dsc
 693c9cce165dbedf77921fbfcd5b4520c97ac70eca781a8af2b18ef3824b7eff 12925 
mod-wsgi_3.3-4+deb7u1.debian.tar.gz
 5590603e151ab51a1aaefafa4e14d01599db2f1b21d97b893f1b1db40eaf613f 135124 
libapache2-mod-wsgi_3.3-4+deb7u1_amd64.deb
 4131711ac6499947d4831dadbd26f72447981a526f5a0131df0f290b6f242677 77444 
libapache2-mod-wsgi-py3_3.3-4+deb7u1_amd64.deb
Files: 
 1eb2e6e2d7982def3f437f4f288ced17 2112 httpd optional mod-wsgi_3.3-4+deb7u1.dsc
 95aeea2f766e7376b7172d7ddb6260bc 12925 httpd optional 
mod-wsgi_3.3-4+deb7u1.debian.tar.gz
 a6e53f946c2fb7fe1319e6c7b05e22fe 135124 httpd optional 
libapache2-mod-wsgi_3.3-4+deb7u1_amd64.deb
 2e9a58e2acd96357ddbc69b662b3f2ba 77444 httpd optional 
libapache2-mod-wsgi-py3_3.3-4+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTfurEAAoJEP4ixv2DE11FOT4P/irnGCPaU+b1uHOufUBdNkxp
Mf2B/Ze2TkZsd3qEmGr0VAACdYnMW3DfAslHaYYtN2Q3iAUgN7Wo1txBmTN88+16
cUXxwIl8EUJzU2PDE3oQcaIbyVVUF0J5u/EzpU0mGWujKJAuhNIm/Zj5NfoqNARL
dKCE5kiIS/Br8TtDF1d42BHAEePaG3ZxQCLe1Ajaij9yfvlZnrFGKl6YxquAmyMJ
y8HDhZ0dmL8PQwWhPWKDgGpigAJ0cUFyfDbHuTdqvQJRjLbikJSCSQVhElGV1mWI
hkUtu8/76kPO+ZF1OoBxTGWz1Xw9yBaORiyRLklArCQQlA/ybsU/Ds8fVT2/ExS8
aJQNXd7WcosLQRw5dvbqzf4mSy0rf2Geh+Q/jNjqmbqdmu5uw8MGFnxLRkaHzRtR
1OQusIvJuiM1XslcJ9rnLevn1dx09FbC8rnXRioFfc1f2wLaSo7HT/rG6om5mYAM
phYNZlkRvaHb8GDqxfc2PvGY9/n2K1ICIFaoXKRb1y5TGPzsERIwbyY2H9pR1yTE
uH+xmETsWJ7yC3/FBjzuq1o8HByqm6FyW3HT24dGezEAE2HGvTU1OasXJMXtiOXO
vPwojQg0efcl9foZvougbuWXwppV9Gc9P7U2P2bAfLy1HiW7dmD16e+DXtiZPcT/
ScbihnGtTikdPjaZBO/q
=rupe
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team

[Python-modules-team] Bug#748910: marked as done (CVE-2014-0240: Possibility of local privilege escalation when using daemon, mode)

Reply via email to