Race Condition Exploit: Privilege Escalation in Monkey HTTP Daemon 0.9.3
CVE-2012-4442 · MEDIUM Severity
AV:L/AC:M/AU:N/C:C/I:N/A:N
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
Learn more about our User Device Pen Test.