Description
An unauthenticated code injection vulnerability exists in Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug exchanges DBGp debugger protocol messages over TCP port 9000 (the Xdebug 2 default) and accepts commands on that session without any authentication. An attacker who can take part in the session can send a crafted eval command to execute arbitrary PHP code, which in turn may call system-level functions such as system() or passthru() to run operating system commands. The result is full compromise of the host with the privileges of the web server user.
A code injection flaw was found in Xdebug. When a user enables remote debugging, Xdebug does not require authentication and will accept input from any user who can access the debug port. Enabling remote debugging is not recommended for normal use, but if exploited, this flaw would allow a remote attacker to execute code in the context of the Xdebug process.
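The exchange described above, as an added example that is not code from the advisory, from Red Hat or from the Xdebug project: Python helpers that frame and parse DBGp messages as Xdebug sends them ('length NUL xml NUL'), encode and decode the client-side eval command ('eval -i <transaction_id> -- base64(php)' plus NUL), and audit a php.ini fragment for the Xdebug 2 settings that expose the session (xdebug.remote_enable, xdebug.remote_connect_back, xdebug.remote_host). The framing and command syntax follow the published DBGp protocol; the init packet, the response, the idekey/appid values and the ini text are constructed for illustration, not captured from a real host.

```python
"""Added example for the advisory above (not Xdebug's or Red Hat's code): DBGp framing,
the unauthenticated eval command on the wire, and a php.ini check. Samples are constructed."""
import base64
import xml.etree.ElementTree as ET

DBGP_NS = "{urn:debugger_protocol_v1}"


def build_command(name: str, txn_id: int, data: str = None) -> bytes:
    """Client -> Xdebug command: 'name -i <txn> [-- base64(data)]' + NUL. No credential anywhere."""
    parts = [name, "-i", str(txn_id)]
    if data is not None:
        parts += ["--", base64.b64encode(data.encode()).decode()]
    return " ".join(parts).encode() + b"\x00"

def parse_command(raw: bytes) -> dict:
    """Inverse of build_command, e.g. for inspecting a captured debug session."""
    head, _, data = raw.rstrip(b"\x00").decode().partition(" -- ")
    toks = head.split()
    return {"command": toks[0], "args": dict(zip(toks[1::2], toks[2::2])),
            "data": base64.b64decode(data).decode() if data else None}

def frame(xml: str) -> bytes:
    """Xdebug -> client framing: '<decimal byte length> NUL <xml> NUL' (used to build samples)."""
    payload = xml.encode()
    return str(len(payload)).encode() + b"\x00" + payload + b"\x00"

def parse_frames(buf: bytes) -> tuple:
    """Split a byte stream from Xdebug into parsed XML roots; returns (roots, leftover)
    so a partially received frame can be completed on the next read."""
    roots = []
    while True:
        nul = buf.find(b"\x00")
        if nul < 0:
            break
        length = int(buf[:nul])
        start, end = nul + 1, nul + 1 + length
        if len(buf) < end + 1:
            break                                         # incomplete frame, keep buffering
        if buf[end:end + 1] != b"\x00":
            raise ValueError("malformed DBGp frame: missing trailing NUL")
        roots.append(ET.fromstring(buf[start:end]))
        buf = buf[end + 1:]
    return roots, buf

def summarize(root: ET.Element) -> dict:
    """Reduce an init or response message to the fields worth logging."""
    tag = root.tag.replace(DBGP_NS, "")
    if tag == "init":
        engine = root.find(DBGP_NS + "engine")
        return {"type": "init", "fileuri": root.get("fileuri"), "idekey": root.get("idekey"),
                "engine_version": engine.get("version") if engine is not None else None}
    if tag == "response":
        out = {"type": "response", "command": root.get("command"),
               "transaction_id": root.get("transaction_id")}
        prop = root.find(DBGP_NS + "property")
        if prop is not None and prop.text is not None:
            out["value"] = (base64.b64decode(prop.text).decode()
                            if prop.get("encoding") == "base64" else prop.text)
        return out
    return {"type": tag}

def risky_xdebug_settings(ini_text: str) -> list:
    """Flag Xdebug 2 php.ini settings that expose the debug session to untrusted clients.
    (Xdebug 3 renamed these to xdebug.mode / client_host / client_port, default port 9003.)"""
    conf = {}
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()              # drop ini comments
        if "=" in line:
            k, v = (s.strip().strip('"') for s in line.split("=", 1))
            conf[k.lower()] = v.lower()
    on, findings = ("1", "on", "true"), []
    if conf.get("xdebug.remote_enable") in on:
        findings.append("xdebug.remote_enable is on")
        if conf.get("xdebug.remote_connect_back") in on:
            findings.append("xdebug.remote_connect_back takes the debug host from the HTTP request")
        host = conf.get("xdebug.remote_host", "localhost")
        if host not in ("localhost", "127.0.0.1", "::1"):
            findings.append("xdebug.remote_host=%s sends the session off-box" % host)
    return findings


# Constructed sample traffic (not a capture): Xdebug's init, an eval command, and its reply.
SAMPLE_INIT = frame(
    '<init xmlns="urn:debugger_protocol_v1" fileuri="file:///var/www/html/index.php" '
    'language="PHP" protocol_version="1.0" appid="4242" idekey="phpstorm">'
    '<engine version="2.5.5"><![CDATA[Xdebug]]></engine></init>')
EVAL_CMD = build_command("eval", 1, "system('id');")
SAMPLE_RESPONSE = frame(
    '<response xmlns="urn:debugger_protocol_v1" command="eval" transaction_id="1">'
    '<property type="string" encoding="base64"><![CDATA[%s]]></property></response>'
    % base64.b64encode(b"uid=33(www-data) gid=33(www-data)").decode())
SAMPLE_INI = "xdebug.remote_enable=1\nxdebug.remote_connect_back=1 ; host taken from request\n"

if __name__ == "__main__":
    print([summarize(r) for r in parse_frames(SAMPLE_INIT + SAMPLE_RESPONSE)[0]])
    print(parse_command(EVAL_CMD), risky_xdebug_settings(SAMPLE_INI))
```

The protocol helpers show why authentication cannot be bolted on from the outside: the eval command is a plain text line with a base64 payload and no session secret, so anyone on the other end of the TCP session is trusted. Operationally the php.ini check is the one that matters, because with xdebug.remote_connect_back enabled the debug host is taken from the incoming HTTP request rather than fixed in configuration.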
Statement
All Red Hat offerings ship fixed versions of the Xdebug package (used for remote debugging) and are therefore not affected. Exploitation requires Xdebug to be installed, enabled, and exposed to attackers, which is an unlikely configuration in production environments. No Red Hat offering enables it by default, which reduces the severity to Moderate.
Mitigation
No mitigation is available for this issue, or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.
Affected Packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | php-pecl-xdebug3 | Not affected | | |
| Red Hat Enterprise Linux 8 | php:7.4/php-pecl-xdebug | Not affected | | |
| Red Hat Enterprise Linux 8 | php:8.2/php-pecl-xdebug3 | Not affected | | |
| Red Hat Enterprise Linux 9 | php:8.2/php-pecl-xdebug3 | Not affected | | |
| Red Hat Enterprise Linux 9 | php:8.3/php-pecl-xdebug3 | Not affected | | |
| Red Hat Enterprise Linux 9 | php-pecl-xdebug3 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/udi-rhel8 | Not affected | | |
| Red Hat OpenShift Dev Spaces | devspaces/udi-rhel9 | Not affected | | |
References
Additional Information
Status:
EPSS
5.6 Medium
CVSS3