CVE-2012-4442

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

CVSS v2.0 4.7 MEDIUM

4.7^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability : 3.4 / Impact : 6.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879
http://www.openwall.com/lists/oss-security/2012/09/21/3

Configurations

Configuration 1 (hide)

cpe:2.3:a:monkey-project:monkey:0.9.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-05 21:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-4442

Mitre link : CVE-2012-4442

CVE.ORG link : CVE-2012-4442

JSON object : View

Products Affected

monkey-project

monkey

CWE

CWE-264

Permissions, Privileges, and Access Controls

4.7 /10