Описание
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Отчет
This issue only affects instances running php-fpm under nginx server software as environment paths and parameters are handled by different code pieces depending on the server php-fpm is running under. The code where this issue is found is used exclusively when php-fpm detects the request came through an nginx server. Red Hat Product Security team rated this issue as having a Critical security impact as an attacker may take advantage from the existing bug to cause Remote Code Execution on network exposed software.
Меры по смягчению последствий
- Check your nginx configuration files, specially the ones related to php-fpm for presence of pattern bellow on fastcgi_split_path_info regex and PATH_INFO parameter:
- If fastcgi_split_path_info regex matches with the one above, for each fastcgi_param PATH_INFO entry perform the following change:
This step will allow you to safely continue using PATH_INFO parameter while the patch is not applied. 3) Restart your nginx instance:
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | php | Not affected | ||
| Red Hat Enterprise Linux 5 | php53 | Not affected | ||
| Red Hat Software Collections | rh-php73-php | Not affected | ||
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2019:3287 | 31.10.2019 |
| Red Hat Enterprise Linux 7 | php | Fixed | RHSA-2019:3286 | 31.10.2019 |
| Red Hat Enterprise Linux 7.6 Extended Update Support | php | Fixed | RHSA-2020:2835 | 07.07.2020 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2019:3735 | 06.11.2019 |
| Red Hat Enterprise Linux 8 | php | Fixed | RHSA-2019:3736 | 06.11.2019 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | php | Fixed | RHSA-2020:0322 | 03.02.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 6 | rh-php70-php | Fixed | RHSA-2019:3724 | 06.11.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...
EPSS
8.1 High
CVSS3