CVE-2014-0185

Published: May 6, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

59329

third-party-advisory

x_refsource_SECUNIA

https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d

x_refsource_CONFIRM

https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch

x_refsource_MISC

https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027

x_refsource_CONFIRM

https://bugs.php.net/bug.php?id=67060

x_refsource_CONFIRM

59061

third-party-advisory

x_refsource_SECUNIA

http://www.php.net/ChangeLog-5.php

x_refsource_CONFIRM

http://www.php.net/archive/2014.php#id2014-05-01-1

x_refsource_CONFIRM

http://support.apple.com/kb/HT6443

x_refsource_CONFIRM

[oss-security] 20140429 Fwd: [vs] php-fpm: privilege escalation due to insecure default config (CVE-2014-0185)

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=1092815

x_refsource_CONFIRM

openSUSE-SU-2015:1685

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-0185

Description

Affected Products

References