Privilege escalation in apache2 (Alpine package)

1) Privilege escalation

EUVDB-ID: #VU18110

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-0211

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.

A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

apache2 (Alpine package): 2.4.4-r0 - 2.4.38-r3

External links

http://git.alpinelinux.org/aports/commit/?id=0342bb148db2b28dcced8a4c5b8e2840f3af9a44
http://git.alpinelinux.org/aports/commit/?id=9d23763439dabef4a81c7cc9c061b69048df9708
http://git.alpinelinux.org/aports/commit/?id=bbf41c02f848c8e5967bd857c6988274dc55f068
http://git.alpinelinux.org/aports/commit/?id=ef86fbabe1c2c14cf06d8c26c6141b650e92049d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.