CVE-2014-0185
First published: Wed Apr 30 2014(Updated: )
It was reported that, on some distributions, PHP FPM (a FastCGI Process Manager for PHP) used a UNIX socket with insecure, default permissions. This would allow local users to execute PHP scripts with the privileges of the "apache" user. This is a similar situation to using mod_php where users can place scripts in their "~/public_html/" directory. Original report: <a href="http://www.openwall.com/lists/oss-security/2014/04/29/5">http://www.openwall.com/lists/oss-security/2014/04/29/5</a> On Red Hat Enterprise Linux 6, when using the Apache HTTP Server with mod_php, the use of "~/public_html/" is disabled by default; however, the default FPM configuration is more open, allowing users to talk directly to FPM and have their PHP scripts executed. (Note that there is currently no fastcgi module for the Apache HTTP Server in Red Hat Enterprise Linux 6, or for any other web server.) Acknowledgements: Red Hat would like to thank Christian Hoffmann for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/php | <5.4.28 | 5.4.28 |
| redhat/php | <5.5.12 | 5.5.12 |
| PHP | >=5.3.0<5.3.28 | |
| PHP | >=5.4.0<5.4.28 | |
| PHP | >=5.5.0<5.5.12 | |
| >=5.3.0<5.3.28 | ||
| >=5.4.0<5.4.28 | ||
| >=5.5.0<5.5.12 |
Remedy
https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2014/04/29/5
- http://www.php.net/ChangeLog-5.php#5.5.12
- https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
- https://bugs.php.net/bug.php?id=67060
- https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027
- http://git.php.net/?p=php-src.git;a=blob;f=sapi/fpm/php-fpm.conf.in;h=c5f4abc;hb=refs/heads/PHP-5.5.12#l151
- https://access.redhat.com/security/cve/CVE-2014-0185
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095239
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0185
- https://bugzilla.redhat.com/show_bug.cgi?id=1092815
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html
- http://secunia.com/advisories/59061
- http://secunia.com/advisories/59329
- http://support.apple.com/kb/HT6443
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/archive/2014.php#id2014-05-01-1
- https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
Frequently Asked Questions
What is the severity of CVE-2014-0185?
The severity of CVE-2014-0185 is classified as a high risk due to the potential for local users to execute scripts with elevated privileges.
How do I fix CVE-2014-0185?
To fix CVE-2014-0185, ensure that the permissions for the UNIX socket used by PHP FPM are set securely.
Which PHP versions are affected by CVE-2014-0185?
CVE-2014-0185 affects PHP versions between 5.3.0 and 5.5.12.
Can CVE-2014-0185 be exploited remotely?
CVE-2014-0185 is a local vulnerability and cannot be exploited remotely.
What types of distributions are impacted by CVE-2014-0185?
CVE-2014-0185 impacts various Linux distributions that use insecure default permissions for the PHP FPM UNIX socket.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0185
- agent/software-canonical-lookup
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- package-manager/redhat
- vendor/php
- canonical/php
- version/php/5.3.0
- version/php/5.4.0
- version/php/5.5.0