4.3

CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Data is provided by the National Vulnerability Database (NVD)
Mpm-itk ProjectMpm-itk Version2.2.11-01
   ApacheHTTP Server
Mpm-itk ProjectMpm-itk Version2.2.11-02
   ApacheHTTP Server
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.3% 0.791
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857
Patch
Third Party Advisory
Issue Tracking
http://openwall.com/lists/oss-security/2011/03/20/1
Third Party Advisory
Mailing List
http://openwall.com/lists/oss-security/2011/03/21/13
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/46953
Third Party Advisory
VDB Entry