ASA-2019-00170 – Apache HTTP Server: Privilege escalation from modules’ scripts


Allele Security Alert

ASA-2019-00170

Identifier(s)

ASA-2019-00170, CVE-2019-0211

Title

Privilege escalation from modules’ scripts

Vendor(s)

Apache Software Foundation

Product(s)

Apache HTTP Server (httpd)

Affected version(s)

Apache HTTP Server versions 2.4.17 to 2.4.38

Fixed version(s)

Apache HTTP Server version 2.4.39

Proof of concept

Yes

Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
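
The following check is an added example, not part of the original alert or of Apache's own tooling. It classifies `httpd -V` output against the affected versions, fixed version and MPMs stated in this alert; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `httpd -V` output for CVE-2019-0211 using the
# ranges in this alert: affected 2.4.17 to 2.4.38 with MPM event, worker or
# prefork; fixed in 2.4.39; non-Unix systems are not affected.
# Caveat: distribution packages may backport the fix without changing the
# upstream version string, so confirm against the vendor's package changelog.

# Reads `httpd -V` (or `apachectl -V`) output on stdin and prints one of:
# affected, not-affected, unknown.
check_cve_2019_0211() {
    awk '
        /^Server version:/ {
            # e.g. "Server version: Apache/2.4.29 (Ubuntu)"
            if (match($0, /Apache\/[0-9]+\.[0-9]+\.[0-9]+/)) {
                # Skip the 7 characters of "Apache/" and split x.y.z.
                split(substr($0, RSTART + 7, RLENGTH - 7), v, ".")
                have_version = 1
            }
        }
        /^Server MPM:/ { mpm = tolower($3) }
        END {
            # Without both fields no statement can be made.
            if (!have_version || mpm == "") { print "unknown"; exit }
            in_range = (v[1] == 2 && v[2] == 4 && v[3] >= 17 && v[3] <= 38)
            # The WinNT MPM (and any other) falls outside the affected set.
            unix_mpm = (mpm == "event" || mpm == "worker" || mpm == "prefork")
            print ((in_range && unix_mpm) ? "affected" : "not-affected")
        }
    '
}

# Constructed sample input (not captured from a real host).
sample_httpd_V() {
    printf '%s\n' \
        'Server version: Apache/2.4.29 (Ubuntu)' \
        'Server built:   2019-01-01T00:00:00' \
        'Server MPM:     event' \
        '  threaded:     yes (fixed thread count)'
}

sample_httpd_V | check_cve_2019_0211
```

On a live host, pipe the real output into the function, for example `httpd -V 2>/dev/null | check_cve_2019_0211`.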

Technical details

Unknown

Credits

Charles Fol

Reference(s)

httpd 2.4 vulnerabilities – The Apache HTTP Server Project
https://httpd.apache.org/security/vulnerabilities_24.html

CVE-2019-0211: Apache HTTP Server privilege escalation from modules’ scripts
https://seclists.org/oss-sec/2019/q2/2

CVE-2019-0211: Proof of Concept for Apache Root Privilege Escalation Vulnerability Published
https://www.tenable.com/blog/cve-2019-0211-proof-of-concept-for-apache-root-privilege-escalation-vulnerability-published

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache

CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation
https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html

Apache 2.4.39 important security release (CVE-2019-0211, CVE-2019-0217 and CVE-2019-0215)
https://blog.bitnami.com/2019/04/apache-2439-important-security-release.html

CVE-2019-0211
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211

CVE-2019-0211
https://nvd.nist.gov/vuln/detail/CVE-2019-0211

Last modified: October 2, 2019