CVE-2014-0185

Published: 06 May 2014

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Priority

Medium

Status

Package: php5 (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Needs triage
Ubuntu 14.04 ESM (Trusty Tahr): Released (5.5.9+dfsg-1ubuntu4.1)

Patches:
Upstream: https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40d
Binaries built from this source package are in Universe and so are supported by the community.