CVE-2012-4442

Published: Oct 5, 2012Modified: Apr 29, 2026

4.7

Vector

AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability: 3.4 / Impact: 6.9

Source: NVD

Description

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

Affected (1)

Products: Monkey Project: Monkey

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Monkey Project Monkey	Version 0.9.3

Related CWEs

References (6)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2012/09/21/3

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688007

Source: af854a3a-2127-422b-91ae-364da2661108

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2012/09/21/3

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.