Launchpad.net

CVE 2014-0240

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.

Related bugs and status

CVE-2014-0240 (Candidate) is related to these bugs:

Bug #1322338: CVE 2014-0240 and CVE 2014-0242

		In	Importance	Status
1322338	CVE 2014-0240 and CVE 2014-0242	mod-wsgi (Ubuntu)	Undecided	Fix Released
1322338	CVE 2014-0240 and CVE 2014-0242	mod-wsgi (Ubuntu Precise)	Undecided	Fix Released
1322338	CVE 2014-0240 and CVE 2014-0242	mod-wsgi (Ubuntu Utopic)	Undecided	Fix Released
1322338	CVE 2014-0240 and CVE 2014-0242	mod-wsgi (Ubuntu Saucy)	Undecided	Fix Released
1322338	CVE 2014-0240 and CVE 2014-0242	mod-wsgi (Ubuntu Trusty)	Undecided	Fix Released

Bug #1323041: Sync mod-wsgi 3.5-1 (main) from Debian unstable (main)

Summary				In	Importance	Status
	1323041	Sync mod-wsgi 3.5-1 (main) from Debian unstable (main)		mod-wsgi (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0240

Related bugs and status

Related bugs

References