SB2019040243 - Privilege escalation in apache2 (Alpine package)
Published: April 2, 2019
Security Bulletin ID
SB2019040243
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Privilege escalation (CVE-ID: CVE-2019-0211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.
A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0342bb148db2b28dcced8a4c5b8e2840f3af9a44
- https://git.alpinelinux.org/aports/commit/?id=9d23763439dabef4a81c7cc9c061b69048df9708
- https://git.alpinelinux.org/aports/commit/?id=bbf41c02f848c8e5967bd857c6988274dc55f068
- https://git.alpinelinux.org/aports/commit/?id=ef86fbabe1c2c14cf06d8c26c6141b650e92049d