Lucene search

PRIOn knowledge basePRION:CVE-2014-0185

HistoryMay 06, 2014 - 10:44 a.m.

Code injection

2014-05-0610:44:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.9%

JSON

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

CPENameOperatorVersion
phpge5.5.0
phplt5.5.12
phpge5.4.0
phplt5.4.28
phpge5.3.0
phplt5.3.28

Name	Operator	Version
php	ge	5.5.0
php	lt	5.5.12
php	ge	5.4.0
php	lt	5.4.28
php	ge	5.3.0
php	lt	5.3.28

References

lists.opensuse.org/opensuse-updates/2015-10/msg00012.html

secunia.com/advisories/59061

secunia.com/advisories/59329

support.apple.com/kb/HT6443

www.openwall.com/lists/oss-security/2014/04/29/5

www.php.net/archive/2014.php

www.php.net/ChangeLog-5.php

bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027

bugs.php.net/bug.php?id=67060

bugzilla.redhat.com/show_bug.cgi?id=1092815

github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d

hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for PRION:CVE-2014-0185