Summary
This host is installed with PHP and is prone to privilege escalation vulnerability.
Impact
Successful exploitation will allow remote attackers to gain access to the socket and gain elevated privileges.
Impact Level: System/Application
Solution
Upgrade to PHP version 5.4.28 or 5.5.12 or later. For updates refer to http://php.net.
Insight
The flaw is due to error in 'sapi/fpm/fpm/fpm_unix.c' within FastCGI Process Manager that sets insecure permissions for a unix socket.
Affected
PHP versions 5.4.x before 5.4.28 and 5.5.x before 5.5.12.
Detection
Get the installed version of PHP with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-0185 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities