CVE-2014-0185 (retired)

Priority
Description
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before
5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket,
which allows local users to gain privileges via a crafted FastCGI client.
Notes
 mdeslaur> allows local users to run php scripts with www-data permissions
 mdeslaur> php5-fpm binary package is in universe
Assigned-to
mdeslaur
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (5.5.12+dfsg-2ubuntu1)
Patches:
Upstream:https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
Binaries built from this source package are in universe and so are supported by the community. For more details see https://wiki.ubuntu.com/SecurityTeam/FAQ#Official_Support
More Information

Updated: 2019-08-23 08:59:56 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)