Vulnerability CVE-2019-0211


Published: 2019-04-08

Description:
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
Charles FOL
09.04.2019
Med.
Apache 2.4.17 < 2.4.38 apache2ctl graceful logrotate Local Privilege Escalation
Charles
14.04.2019

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Opensuse
Product: LEAP 
Version: 42.3; 15.0;
Vendor: Fedoraproject
Product: Fedora 
Version: 30; 29;
Vendor: Apache
Product: Http server 
Version:
2.4.38
2.4.37
2.4.36
2.4.35
2.4.34
2.4.33
2.4.32
2.4.30
2.4.29
2.4.28
2.4.27
2.4.26
2.4.25
2.4.24
2.4.23
2.4.22
2.4.21
2.4.20
2.4.19
2.4.18
2.4.17
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.10
18.04
16.04
14.04

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html
http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html
http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html
http://www.apache.org/dist/httpd/CHANGES_2.4.39
http://www.openwall.com/lists/oss-security/2019/04/02/3
http://www.securityfocus.com/bid/107666
https://access.redhat.com/errata/RHBA-2019:0959
https://access.redhat.com/errata/RHSA-2019:0746
https://access.redhat.com/errata/RHSA-2019:0980
https://access.redhat.com/errata/RHSA-2019:1296
https://access.redhat.com/errata/RHSA-2019:1297
https://access.redhat.com/errata/RHSA-2019:1543
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3E
https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E
https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac@%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/
https://seclists.org/bugtraq/2019/Apr/16
https://seclists.org/bugtraq/2019/Apr/5
https://security.gentoo.org/glsa/201904-20
https://security.netapp.com/advisory/ntap-20190423-0001/
https://support.f5.com/csp/article/K32957101
https://usn.ubuntu.com/3937-1/
https://www.debian.org/security/2019/dsa-4422
https://www.exploit-db.com/exploits/46676/
https://www.synology.com/security/advisory/Synology_SA_19_14

Related CVE
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2019-15717
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-11476
An integer overflow in whoopsie before versions 0.2.52.5ubuntu0.1, 0.2.62ubuntu0.1, 0.2.64ubuntu0.1, 0.2.66, results in an out-of-bounds write to a heap allocated buffer when processing large crash dumps. This results in a crash or possible code-exec...
CVE-2019-15133
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.
CVE-2019-9851
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calli...
CVE-2019-9850
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify tha...
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able...
CVE-2019-9516
Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater h...

Copyright 2019, cxsecurity.com

 

Back to Top