Bug 36490 - CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: apache2
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Anton Farygin
QA Contact: qa-sisyphus
URL: https://httpd.apache.org/security/vul...
Reported: 2019-04-02 18:52 MSK by Dmitry V. Levin
Modified: 2019-12-16 11:39 MSK
Description Dmitry V. Levin 2019-04-02 18:52:20 MSK
https://twitter.com/iamamoose/status/1112966189276389376
"Flaw in Apache HTTP Server 2.4.17 - 2.4.38 allows anyone you allow to write a script (PHP, CGI,..) to gain root. Get 2.4.39 *now* especially if you have untrusted script authors or run shared hosting (or use mod_auth_digest, due to a separate flaw)"
Comment 1 Anton Farygin 2019-04-02 19:33:50 MSK
A sieve.
Comment 2 Anton Farygin 2019-04-02 19:50:20 MSK
#226419 POSTPONED #1 c8.1 apache2.git=2.4.39-alt1
#226418 POSTPONED #1 p8 apache2.git=2.4.39-alt1
#226417 BUILDING #1 [locked] sisyphus apache2.git=2.4.39-alt1