Vulnerabilities > CVE-2014-8583 - 7PK - Security Features vulnerability in Modwsgi MOD Wsgi
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-180.NASL description Updated apache-mod_wsgi package fixes security vulnerabilities : apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corruption or a process crash could occur. It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode (CVE-2014-8583). last seen 2020-06-01 modified 2020-06-02 plugin id 82455 published 2015-03-31 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82455 title Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:180. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(82455); script_version("1.3"); script_cvs_date("Date: 2019/08/02 13:32:57"); script_cve_id("CVE-2014-8583"); script_xref(name:"MDVSA", value:"2015:180"); script_name(english:"Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2015:180)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandriva Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated apache-mod_wsgi package fixes security vulnerabilities : apache-mod_wsgi before 4.2.4 contained an off-by-one error in applying a limit to the number of supplementary groups allowed for a daemon process group. The result could be that if more groups than the operating system allowed were specified to the option supplementary-groups, then memory corruption or a process crash could occur. It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode (CVE-2014-8583)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0323.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0513.html" ); script_set_attribute( attribute:"solution", value:"Update the affected apache-mod_wsgi package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:apache-mod_wsgi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"apache-mod_wsgi-3.5-1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2711.NASL description According to the version of the mod_wsgi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-23 plugin id 132378 published 2019-12-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132378 title EulerOS 2.0 SP5 : mod_wsgi (EulerOS-SA-2019-2711) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-753.NASL description apache2-mod_wsgi was updated to fix one security issue. This security issue was fixed : - Failure to handle errors when attempting to drop group privileges (CVE-2014-8583). last seen 2020-06-05 modified 2014-12-09 plugin id 79815 published 2014-12-09 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79815 title openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2018-987.NASL description Failure to handle errors when attempting to drop group privileges mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. (CVE-2014-8583) last seen 2020-06-01 modified 2020-06-02 plugin id 109369 published 2018-04-27 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109369 title Amazon Linux AMI : mod24_wsgi (ALAS-2018-987) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201612-49.NASL description The remote host is affected by the vulnerability described in GLSA-201612-49 (mod_wsgi: Privilege escalation) mod_wsgi, when creating a daemon process group, does not properly handle dropping group privileges. Impact : Context-dependent attackers could escalate privileges due to the improper handling of group privileges. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96224 published 2017-01-03 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96224 title GLSA-201612-49 : mod_wsgi: Privilege escalation NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2633.NASL description According to the version of the mod_wsgi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132168 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132168 title EulerOS 2.0 SP3 : mod_wsgi (EulerOS-SA-2019-2633) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-253.NASL description Updated apache-mod_wsgi package fixes security vulnerability : It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode (CVE-2014-8583). last seen 2020-06-01 modified 2020-06-02 plugin id 80042 published 2014-12-16 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80042 title Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253) NASL family Amazon Linux Local Security Checks NASL id AL2_ALAS-2018-987.NASL description Failure to handle errors when attempting to drop group privileges : mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. (CVE-2014-8583) last seen 2020-06-01 modified 2020-06-02 plugin id 109140 published 2018-04-18 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/109140 title Amazon Linux 2 : mod_wsgi (ALAS-2018-987) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2431-1.NASL description It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 79717 published 2014-12-04 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79717 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : mod-wsgi vulnerability (USN-2431-1) NASL family Web Servers NASL id MOD_WSGI_4_2_4.NASL description According to the web server banner, the version of mod_wsgi running on the remote host is prior to version 4.2.4. It is, therefore, affected by a privilege escalation vulnerability. The issue is triggered when attempting to drop group privileges and an error with last seen 2020-06-01 modified 2020-06-02 plugin id 76498 published 2014-07-14 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/76498 title Apache mod_wsgi < 4.2.4 Privilege Dropping Privilege Escalation NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2367.NASL description According to the version of the mod_wsgi package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.(CVE-2014-8583) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131859 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131859 title EulerOS 2.0 SP2 : mod_wsgi (EulerOS-SA-2019-2367)
References
- http://advisories.mageia.org/MGASA-2014-0513.html
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00036.html
- http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.2.4.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:253
- http://www.openwall.com/lists/oss-security/2014/06/19/7
- http://www.openwall.com/lists/oss-security/2014/11/04/8
- http://www.securityfocus.com/bid/68111
- http://www.ubuntu.com/usn/USN-2431-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1111034
- https://security.gentoo.org/glsa/201612-49