Lucene search

[email protected]CVE-2014-0185

HistoryMay 06, 2014 - 10:44 a.m.

CVE-2014-0185

2014-05-0610:44:00

CWE-269

[email protected]

web.nvd.nist.gov

cve-2014-0185

php

fpm

fastcgi

unix socket permissions

vulnerability

nvd

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.3%

JSON

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

CPENameOperatorVersion
php:phpphplt5.5.12
php:phpphplt5.4.28
php:phpphplt5.3.28

CPE	Name	Operator	Version
php:php	php	lt	5.5.12
php:php	php	lt	5.4.28
php:php	php	lt	5.3.28

References

lists.opensuse.org/opensuse-updates/2015-10/msg00012.html

secunia.com/advisories/59061

secunia.com/advisories/59329

support.apple.com/kb/HT6443

www.openwall.com/lists/oss-security/2014/04/29/5

www.php.net/archive/2014.php#id2014-05-01-1

www.php.net/ChangeLog-5.php

bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027

bugs.php.net/bug.php?id=67060

bugzilla.redhat.com/show_bug.cgi?id=1092815

github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d

hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch

Social References

6.1 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.3%

JSON

Related for CVE-2014-0185

nessus15 prion1 openvas26 f52 ubuntucve1 mageia1 securityvulns4 threatpost1 fedora17 slackware1 osv1 debian1 ubuntu2 gentoo1