CVE-2014-8583

Advisory

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
• http://www.openwall.com/lists/oss-security/2014/11/04/8
• http://lists.opensuse.org/opensuse-updates/2014-12/msg00036.html
• https://bugzilla.redhat.com/show_bug.cgi?id=1111034
• http://www.openwall.com/lists/oss-security/2014/06/19/7
• http://www.ubuntu.com/usn/USN-2431-1
• http://www.mandriva.com/security/advisories?name=MDVSA-2014:253
• http://advisories.mageia.org/MGASA-2014-0513.html
• http://www.securityfocus.com/bid/68111
• https://security.gentoo.org/glsa/201612-49
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8583