Back to search
CVE-2012-4442
Published: Oct 5, 2012
Modified: Sep 17, 2024
PUBLISHED
Description
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879
x_refsource_CONFIRM
[oss-security] 20120920 Re: CVE-request: monkey fails to drop supplemental groups when lowering privileges
mailing-list
x_refsource_MLIST
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now