Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2014:087 | First vendor Publication | 2014-05-15 |
Vendor | Mandriva | Last vendor Modification | 2014-05-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability has been discovered and corrected in php: PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain socket with world-writable permissions by default, which allows any local user to connect to it and execute PHP scripts as the apache user (CVE-2014-0185). The updated php packages have been upgraded to the 5.5.12 version which is not vulnerable to this issue. Additionally, the timezonedb packages has been upgraded to the latest 2014.3 version, the php-suhosin packages has been upgraded to the latest 0.9.35 version which has better support for php-5.5 and the PECL packages which requires so has been rebuilt for php-5.5.12. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:087 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-269 | Improper Privilege Management |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-05-08 | IAVM : 2014-B-0053 - PHP Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0050233 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-10-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-636.nasl - Type : ACT_GATHER_INFO |
2015-03-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2015-080.nasl - Type : ACT_GATHER_INFO |
2014-09-18 | Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit... File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO |
2014-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO |
2014-06-26 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2254-2.nasl - Type : ACT_GATHER_INFO |
2014-06-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-2254-1.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-419.nasl - Type : ACT_GATHER_INFO |
2014-06-10 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2014-160-01.nasl - Type : ACT_GATHER_INFO |
2014-06-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2943.nasl - Type : ACT_GATHER_INFO |
2014-05-16 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2014-087.nasl - Type : ACT_GATHER_INFO |
2014-05-12 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5984.nasl - Type : ACT_GATHER_INFO |
2014-05-06 | Name : The remote Fedora host is missing a security update. File : fedora_2014-5960.nasl - Type : ACT_GATHER_INFO |
2014-05-05 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_4_28.nasl - Type : ACT_GATHER_INFO |
2014-05-05 | Name : The remote web server uses a version of PHP that is potentially affected by a... File : php_5_5_12.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-05-17 13:23:45 |
|
2014-05-15 13:21:43 |
|