Описание
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
Отчет
This issue did not affect the php and php53 packages as shipped with Red Hat Enterprise Linux 5. This issue is not planned to be addressed in the php packages in Red Hat Enterprise Linux 6 and 7. Refer to https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0185 for further details.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Will not fix | ||
| Red Hat Enterprise Linux 7 | php | Will not fix | ||
| Red Hat Software Collections | php54-php | Will not fix | ||
| Red Hat Software Collections | php55-php | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
3.6 Low
CVSS2
Связанные уязвимости
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP be ...
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
Уязвимость интерпретатора PHP, позволяющая удаленному злоумышленнику повысить свои привилегии
EPSS
3.6 Low
CVSS2