Unrated severityNVD Advisory· Published Mar 29, 2011· Updated Apr 29, 2026
CVE-2011-1176
CVE-2011-1176
Description
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
Affected products
5cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*
- cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-02:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingPatchThird Party Advisory
- lists.err.no/pipermail/mpm-itk/2011-March/000393.htmlnvdPatchThird Party Advisory
- lists.err.no/pipermail/mpm-itk/2011-March/000394.htmlnvdRelease NotesThird Party Advisory
- openwall.com/lists/oss-security/2011/03/20/1nvdMailing ListThird Party Advisory
- openwall.com/lists/oss-security/2011/03/21/13nvdMailing ListThird Party Advisory
- www.debian.org/security/2011/dsa-2202nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/bid/46953nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2011/0748nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0749nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0824nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/66248nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.