Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Monkey HTTP Daemon 权限许可和访问控制问题漏洞
Vulnerability Description
Monkey HTTP Daemon(monkeyd)是Monkey项目组开发的一套Web服务器软件。该软件具有可扩展、低内存、低CUP消耗等特点。 Monkey HTTP Daemon 0.9.3版本中存在漏洞,该漏洞源于带有非根用户的有效UID的操作期间,保留根账户的补充组IDs。本地攻击者可利用文件权限检查中的竞争条件,绕过目地文件读取限制。
CVSS Information
N/A
Vulnerability Type
N/A