Description

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Remediation

References

CVE-2014-0185

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0123)

osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-7193)

WordPress Plugin YITH WooCommerce Authorize.net Payment Gateway Security Bypass (1.1.12)

PHP NULL Pointer Dereference Vulnerability (CVE-2018-19935)

MySQL CVE-2018-3283 Vulnerability (CVE-2018-3283)

Severity

High

Classification

CVE-2014-0185 CWE-264

Tags

Missing Update Known Vulnerabilities