CVE-2014-0185
Published: 6 May 2014
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
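A check for the condition described above, as an added example that is not part of this tracker entry or of PHP's own code: it reports whether a given FPM listen socket is connectable by any local user. It assumes Linux semantics (connecting to a UNIX socket requires write permission on it); the socket paths are supplied by the operator and the function names are hypothetical.

```python
import os
import stat
import sys


def classify(st_mode):
    """Classify a stat() mode: is it a UNIX socket any local user can connect to?"""
    if not stat.S_ISSOCK(st_mode):
        return "not-a-socket"
    # On Linux, connect() to a UNIX socket needs write permission on it,
    # so the "other" write bit is what makes mode 0666 dangerous.
    if stat.S_IMODE(st_mode) & stat.S_IWOTH:
        return "world-connectable"
    return "ok"


def ancestors_searchable_by_others(path):
    """True if every parent directory grants o+x, so any user can reach the socket."""
    cur = os.path.dirname(os.path.abspath(path))
    while True:
        if not os.stat(cur).st_mode & stat.S_IXOTH:
            return False
        parent = os.path.dirname(cur)
        if parent == cur:  # reached the filesystem root
            return True
        cur = parent


def audit_socket(path):
    """Return (finding, octal permission string) for one socket path."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ("error: " + exc.strerror, None)
    finding = classify(st.st_mode)
    if finding == "world-connectable" and not ancestors_searchable_by_others(path):
        # Socket bits are loose, but a parent directory blocks other users.
        finding = "world-writable-but-directory-restricted"
    return (finding, format(stat.S_IMODE(st.st_mode), "04o"))


if __name__ == "__main__":
    # Usage: python3 audit_fpm_socket.py <socket path> [<socket path> ...]
    exposed = False
    for p in sys.argv[1:]:
        finding, mode = audit_socket(p)
        print(f"{p}: mode={mode} finding={finding}")
        exposed |= finding == "world-connectable"
    sys.exit(1 if exposed else 0)
```

The script exits non-zero when any listed socket is world-connectable, so it can be used as a post-upgrade check in configuration management.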
Notes
Author | Note |
---|---|
mdeslaur | allows local users to run php scripts with www-data permissions; php5-fpm binary package is in universe |
Priority
Status
Package | Release | Status |
---|---|---|
php5 | lucid | Not vulnerable (code not present) |
php5 | precise | Released (5.3.10-1ubuntu3.12) |
php5 | quantal | Ignored (end of life) |
php5 | saucy | Released (5.5.3+dfsg-1ubuntu2.4) |
php5 | trusty | Released (5.5.9+dfsg-1ubuntu4.1) |
php5 | upstream | Needs triage |

Patches: upstream: https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d

Binaries built from this source package are in Universe and so are supported by the community.