Veracode Vulnerability DatabaseVERACODE:25361Remote Code Execution (RCE)
EPSS
Percentile
99.9%
php is vulnerable to remote code execution. The FPM module write past allocated buffers and into space reserved for the FCGI protocol data. This can potentailly be exploited to execute arbitrary code on the system
References
lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
seclists.org/fulldisclosure/2020/Jan/40
access.redhat.com/errata/RHSA-2019:3286
access.redhat.com/errata/RHSA-2019:3287
access.redhat.com/errata/RHSA-2019:3299
access.redhat.com/errata/RHSA-2019:3300
access.redhat.com/errata/RHSA-2019:3724
access.redhat.com/errata/RHSA-2019:3735
access.redhat.com/errata/RHSA-2019:3736
access.redhat.com/errata/RHSA-2020:0322
bugs.php.net/bug.php?id=78599
github.com/neex/phuip-fpizdam
lists.fedoraproject.org/archives/list/[email protected]/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
lists.fedoraproject.org/archives/list/[email protected]/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
lists.fedoraproject.org/archives/list/[email protected]/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
seclists.org/bugtraq/2020/Jan/44
security.netapp.com/advisory/ntap-20191031-0003/
support.apple.com/kb/HT210919
support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS
usn.ubuntu.com/4166-1/
usn.ubuntu.com/4166-2/
www.debian.org/security/2019/dsa-4552
www.debian.org/security/2019/dsa-4553
www.synology.com/security/advisory/Synology_SA_19_36
Related
