Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: mod_ruid2 before 0.9.8
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 22 Mar 2013 19:54:02 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/22/2013 02:46 PM, John Lightsey wrote:
On 03/22/2013 03:36 PM, Kurt Seifried wrote:
On 03/22/2013 09:08 AM, John Lightsey wrote:

In versions of mod_ruid2 before 0.9.8, the filedescriptor used
to break out of the chroot is inherited by all Apache
subprocesses. This allows CGI scripts to also to break out of
the chroot by performing a fchdir() across the inherited file
descriptor.


http://sourceforge.net/mailarchive/forum.php?thread_name=514C503E.4020109%40users.sourceforge.net&forum_name=mod-ruid-announce



Can

you provide a link to the source code fix? thanks.


https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2

 The key part of the fix is the block at line 366:

} else if (fcntl(root_handle, F_SETFD, FD_CLOEXEC) < 0) { ...

Please use CVE-2013-1889  for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRTQs5AAoJEBYNRVNeJnmTG+MP/A4hqaWgx8sgkUKqHvW++fM6
g0fcssim88qbs832NflSmY4E0+UrIryvvJvXJJCcMabulFj8zpsYKa/eMqUNq/hp
hda6byGQlH8hFK7ykgzBiUOsTG9oBkGG3VYyirxB2iRlCuvTIRLwU04iR8EYo4iF
2jw3PrUfY8bWRW0xGStZc6xhhZmL3DizePrywcm4LAYnM+LJTysZFJYT/dPMvBWZ
zQphenEXH7UtJpDiB32BcoQzhwYhZiyp+lpfTCLh6noqDqLSTJ3Nd1Yz6bxTnNl7
8gWVrIjfs4qcxdWU4wVxMBGE0oWLv7x2ZfOQpcPDEOGxqCLuY9khh/0n/gGARz3S
DmJEmJ6ZI811/2mHPHWDVLuodfeLtTUdbHWfI0tirnWS398C9yjZtU4EPfL4sgqc
etttqxCaAeRmEKmi2VqBAB4/kB4TzImkLx3ecwpMPJs77hHXDoxdCuYWhMw3mACg
FDFaXvNPAgKdoX8feKYkgTeFPdzMYvQZLbRVpgvd0B9Ox3KsmfQUHeVynFWYTXZp
Mmhhidk774GEynFZRPl/2YNmnHv9hvtBf0fy1jRBQ3D9Y04wHNMbPNpigkfSr+p6
S8828q6100T0g3kX0xTpeLowtwieaYUZgqUaif0EEDS/8pnDg8LXZN7Oe6MNXt86
V5W4lUEaHZW+xtm5dHbc
=ROLP
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault