Launchpad CVE tracker

CVE 2014-0185

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Related bugs and status

CVE-2014-0185 (Candidate) is related to these bugs:

Bug #1307027: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets

Summary				In	Importance	Status
	1307027	php5-fpm: Possible privilege escalation due to insecure default permissions of sockets		php5 (Ubuntu)	Undecided	Fix Released
	1307027	php5-fpm: Possible privilege escalation due to insecure default permissions of sockets		php	Unknown	Unknown

Bug #1314938: UPDATE REQUEST: php55u 5.5.12 is available upstream

Summary				In	Importance	Status
	1314938	UPDATE REQUEST: php55u 5.5.12 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1315299: UPDATE REQUEST: php54 5.4.28 is available upstream

Summary				In	Importance	Status
	1315299	UPDATE REQUEST: php54 5.4.28 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0185

References