CVE-2014-0185
First published: Wed Apr 30 2014(Updated: )
It was reported that, on some distributions, PHP FPM (a FastCGI Process Manager for PHP) used a UNIX socket with insecure, default permissions. This would allow local users to execute PHP scripts with the privileges of the "apache" user. This is a similar situation to using mod_php where users can place scripts in their "~/public_html/" directory. Original report: <a href="http://www.openwall.com/lists/oss-security/2014/04/29/5">http://www.openwall.com/lists/oss-security/2014/04/29/5</a> On Red Hat Enterprise Linux 6, when using the Apache HTTP Server with mod_php, the use of "~/public_html/" is disabled by default; however, the default FPM configuration is more open, allowing users to talk directly to FPM and have their PHP scripts executed. (Note that there is currently no fastcgi module for the Apache HTTP Server in Red Hat Enterprise Linux 6, or for any other web server.) Acknowledgements: Red Hat would like to thank Christian Hoffmann for reporting this issue.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/php | <5.4.28 | 5.4.28 |
| redhat/php | <5.5.12 | 5.5.12 |
| PHP PHP | >=5.3.0<5.3.28 | |
| PHP PHP | >=5.4.0<5.4.28 | |
| PHP PHP | >=5.5.0<5.5.12 |
Remedy
https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2014/04/29/5
- http://www.php.net/ChangeLog-5.php#5.5.12
- https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
- https://bugs.php.net/bug.php?id=67060
- https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027
- http://git.php.net/?p=php-src.git;a=blob;f=sapi/fpm/php-fpm.conf.in;h=c5f4abc;hb=refs/heads/PHP-5.5.12#l151
- https://access.redhat.com/security/cve/CVE-2014-0185
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1095239
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0185
- https://bugzilla.redhat.com/show_bug.cgi?id=1092815
- http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.html
- http://secunia.com/advisories/59061
- http://secunia.com/advisories/59329
- http://support.apple.com/kb/HT6443
- http://www.php.net/ChangeLog-5.php
- http://www.php.net/archive/2014.php#id2014-05-01-1
- https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patch
- collector/nvd-index
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-0185
- agent/software-canonical-lookup
- vendor/php
- canonical/php php
- version/php php/5.3.0
- version/php php/5.4.0
- version/php php/5.5.0
- package-manager/redhat