CVE-2014-0185
Publication date 6 May 2014
Last updated 24 July 2024
Ubuntu priority
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | 14.04 LTS trusty | Fixed 5.5.9+dfsg-1ubuntu4.1 |
Notes
mdeslaur
allows local users to run php scripts with www-data permissions
php5-fpm binary package is in universe
References
Related Ubuntu Security Notices (USN)
- USN-2254-1: PHP vulnerabilities (23 June 2014)