Race Condition Exploit: Privilege Escalation in Monkey HTTP Daemon 0.9.3

Race Condition Exploit: Privilege Escalation in Monkey HTTP Daemon 0.9.3

CVE-2012-4442 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:N/A:N

Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.

Learn more about our User Device Pen Test.