CVE-2014-0185: CVE-2014-0185

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-0185

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

PHP FastCGI Process Manager 权限许可和访问控制问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

FastCGI Process Manager（FPM）是英国软件开发者Andrei Nigmatulin所研发的一个用于PHP中的FastCGI进程管理器，它用来管理FastCGI进程。 PHP 5.5.0至5.5.11版本的FPM中的sapi/fpm/fpm/fpm_unix.c文件存在安全漏洞，该漏洞源于程序对UNIX套接字使用0666权限。本地攻击者可借助特制的FastCGI客户端利用该漏洞获取特权。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-0185

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-0185

Please Login to view more intelligence information

https://hoffmann-christian.info/files/php-fpm/0001-Fix-bug-67060-use-default-mode-of-660.patchx_refsource_MISC
http://support.apple.com/kb/HT6443x_refsource_CONFIRM
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027x_refsource_CONFIRM
http://www.php.net/archive/2014.php#id2014-05-01-1x_refsource_CONFIRM
http://www.php.net/ChangeLog-5.phpx_refsource_CONFIRM
https://github.com/php/php-src/commit/35ceea928b12373a3b1e3eecdc32ed323223a40dx_refsource_CONFIRM
https://bugs.php.net/bug.php?id=67060x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1092815x_refsource_CONFIRM
http://secunia.com/advisories/59061third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/59329third-party-advisoryx_refsource_SECUNIA
http://lists.opensuse.org/opensuse-updates/2015-10/msg00012.htmlvendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2014/04/29/5mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2014-0185

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-0185

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2014-0185

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-0185

III. Intelligence Information for CVE-2014-0185

IV. Related Vulnerabilities

V. Comments for CVE-2014-0185

Leave a comment