[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-0185Date: (C)2014-05-15   (M)2024-04-19


sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-59061
SECUNIA-59329
http://www.openwall.com/lists/oss-security/2014/04/29/5
http://support.apple.com/kb/HT6443
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2014.php#id2014-05-01-1
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027
https://bugs.php.net/bug.php?id=67060
https://bugzilla.redhat.com/show_bug.cgi?id=1092815
https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
openSUSE-SU-2015:1685

CPE    1
cpe:/a:php:php
CWE    1
CWE-269
OVAL    24
oval:org.secpod.oval:def:108587
oval:org.secpod.oval:def:108766
oval:org.secpod.oval:def:107853
oval:org.secpod.oval:def:106969
...

© SecPod Technologies