CVE-2014-8583 Common Vulnerabilities and Exposures

Upstream information

CVE-2014-8583 at MITRE

Description

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	6.9
Vector	AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Local
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 903961 [RESOLVED / FIXED], 907649 [RESOLVED / FIXED], 983032 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-RU-2015:0611-1, published Thu Mar 26 13:04:51 MDT 2015
SUSE-SU-2014:1572-1, published Fri Dec 5 11:05:50 MST 2014
SUSE-SU-2014:1572-2, published Mon Dec 8 17:05:10 MST 2014

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Manager 1.7	`apache2-mod_wsgi >= 3.3-5.7.1`	Patchnames: sleman17sp2-apache2-mod_wsgi
SUSE Manager 2.1	`apache2-mod_wsgi >= 3.3-5.7.17` `auditlog-keeper >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `auditlog-keeper-rdbms >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `auditlog-keeper-spacewalk-validator >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `auditlog-keeper-syslog >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `auditlog-keeper-xmlout >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `cobbler >= 2.2.2-0.54.9` `google-gson >= 2.2.4-0.7.52` `libyaml-0-2 >= 0.1.3-0.10.16.11` `oracle-config >= 1.1-0.10.10.16` `osa-dispatcher >= 5.11.33.7-0.7.16` `perl-Class-Singleton >= 1.4-4.13.38` `perl-NOCpulse-Object >= 1.26.13.2-0.7.13` `perl-Satcon >= 1.20.2-0.7.6` `perl-auditlog-keeper-client >= 0.2.3+git.1417708457.eabd1a9-0.7.58` `postgresql91-pltcl >= 9.1.15-0.3.1` `pxe-default-image >= 0.1-0.20.56` `python-enum34 >= 1.0-0.7.33` `python-gzipstream >= 1.10.2.2-0.7.6` `rhn-custom-info >= 5.4.22.6-0.7.13` `rhnlib >= 2.5.69.6-0.7.6` `rhnmd >= 5.3.18.4-0.7.15` `rhnpush >= 5.5.71.7-0.7.16` `sm-ncc-sync-data >= 2.1.9-0.7.6` `smdba >= 1.5.1-0.7.6` `spacecmd >= 2.1.25.7-0.7.9` `spacewalk-admin >= 2.1.2.4-0.7.6` `spacewalk-backend >= 2.1.55.15-0.7.11` `spacewalk-backend-app >= 2.1.55.15-0.7.11` `spacewalk-backend-applet >= 2.1.55.15-0.7.11` `spacewalk-backend-config-files >= 2.1.55.15-0.7.11` `spacewalk-backend-config-files-common >= 2.1.55.15-0.7.11` `spacewalk-backend-config-files-tool >= 2.1.55.15-0.7.11` `spacewalk-backend-iss >= 2.1.55.15-0.7.11` `spacewalk-backend-iss-export >= 2.1.55.15-0.7.11` `spacewalk-backend-libs >= 2.1.55.15-0.7.11` `spacewalk-backend-package-push-server >= 2.1.55.15-0.7.11` `spacewalk-backend-server >= 2.1.55.15-0.7.11` `spacewalk-backend-sql >= 2.1.55.15-0.7.11` `spacewalk-backend-sql-oracle >= 2.1.55.15-0.7.11` `spacewalk-backend-sql-postgresql >= 2.1.55.15-0.7.11` `spacewalk-backend-tools >= 2.1.55.15-0.7.11` `spacewalk-backend-xml-export-libs >= 2.1.55.15-0.7.11` `spacewalk-backend-xmlrpc >= 2.1.55.15-0.7.11` `spacewalk-base >= 2.1.60.12-0.7.7` `spacewalk-base-minimal >= 2.1.60.12-0.7.7` `spacewalk-base-minimal-config >= 2.1.60.12-0.7.7` `spacewalk-branding >= 2.1.33.10-0.7.16` `spacewalk-certs-tools >= 2.1.6.5-0.7.10` `spacewalk-check >= 2.1.16.6-0.7.9` `spacewalk-client-setup >= 2.1.16.6-0.7.9` `spacewalk-client-tools >= 2.1.16.6-0.7.9` `spacewalk-config >= 2.1.5.4-0.7.15` `spacewalk-doc-indexes >= 2.1.2.3-0.7.26` `spacewalk-grail >= 2.1.60.12-0.7.7` `spacewalk-html >= 2.1.60.12-0.7.7` `spacewalk-java >= 2.1.165.14-0.7.16` `spacewalk-java-config >= 2.1.165.14-0.7.16` `spacewalk-java-lib >= 2.1.165.14-0.7.16` `spacewalk-java-oracle >= 2.1.165.14-0.7.16` `spacewalk-java-postgresql >= 2.1.165.14-0.7.16` `spacewalk-pxt >= 2.1.60.12-0.7.7` `spacewalk-reports >= 2.1.14.8-0.7.10` `spacewalk-search >= 2.1.14.6-0.7.18` `spacewalk-setup >= 2.1.14.9-0.7.6` `spacewalk-setup-jabberd >= 2.1.0.2-0.7.6` `spacewalk-sniglets >= 2.1.60.12-0.7.7` `spacewalk-taskomatic >= 2.1.165.14-0.7.16` `spacewalk-utils >= 2.1.27.12-0.7.25` `spacewalksd >= 5.0.14.6-0.7.15` `struts >= 1.2.9-162.33.22` `supportutils-plugin-susemanager >= 1.0.3-0.5.5` `supportutils-plugin-susemanager-client >= 1.0.4-0.5.5` `suseRegisterInfo >= 2.1.9-0.7.29` `susemanager >= 2.1.17-0.7.11` `susemanager-client-config_en-pdf >= 2.1-0.15.24` `susemanager-install_en-pdf >= 2.1-0.15.24` `susemanager-jsp_en >= 2.1-0.15.23` `susemanager-manuals_en >= 2.1-0.15.24` `susemanager-proxy-quick_en-pdf >= 2.1-0.15.24` `susemanager-reference_en-pdf >= 2.1-0.15.24` `susemanager-schema >= 2.1.50.11-0.7.8` `susemanager-sync-data >= 2.1.5-0.7.6` `susemanager-tools >= 2.1.17-0.7.11` `susemanager-user_en-pdf >= 2.1-0.15.24` `tanukiwrapper >= 3.2.3-0.10.12` `yum >= 3.2.29-0.19.30` `yum-common >= 3.2.29-0.19.30` `zypp-plugin-spacewalk >= 0.9.8-0.15.51`	Patchnames: sleman21-apache2-mod_wsgi sleman21-suse-manager-201503
SUSE Manager Proxy 1.7	`apache2-mod_wsgi >= 3.3-5.7.1`	Patchnames: slemap17sp2-apache2-mod_wsgi
SUSE Manager Proxy 2.1	`apache2-mod_wsgi >= 3.3-5.7.1`	Patchnames: slemap21-apache2-mod_wsgi
SUSE OpenStack Cloud 3.0	`apache2-mod_wsgi >= 3.3-5.7.1`	Patchnames: sleclo30sp3-apache2-mod_wsgi
SUSE OpenStack Cloud 4	`apache2-mod_wsgi >= 3.3-5.7.1`	Patchnames: sleclo40sp3-apache2-mod_wsgi

SUSE Timeline for this CVE

CVE page created: Tue Nov 4 13:37:39 2014
CVE page last modified: Tue Feb 20 14:16:12 2024