Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
monkey-project monkey 0.9.3 |