CVE-2013-1427
Published: 21 March 2013
The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Notes
| Author | Note |
|---|---|
| jdstrand | socket file was /tmp/php.socket. This should be protected by symlink restrictions in Ubuntu 11.10 and higher |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
lighttpd Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| upstream |
Released
(1.4.31-4)
|
|
| utopic |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| vivid |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| wily |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| xenial |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| yakkety |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
| zesty |
Not vulnerable
(1.4.33-1+nmu2ubuntu2)
|
|
|
Patches: vendor: http://www.debian.org/security/2013/dsa-2649 |
||
| This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. | ||