ALT-PU-2019-3310-1
Closed vulnerabilities
Published: 2019-10-28
BDU:2020-00013
Уязвимость компонента sapi/fpm/fpm/fpm_main.c расширения PHP-FPM интерпретатора языка программирования PHP, позволяющая нарушителю выполнять произвольные команды
Severity: HIGH (8.7)
Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
References:
Published: 2019-10-28
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:2441
- openSUSE-SU-2019:2441
- openSUSE-SU-2019:2457
- openSUSE-SU-2019:2457
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
- 20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
- 20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
- RHSA-2019:3286
- RHSA-2019:3286
- RHSA-2019:3287
- RHSA-2019:3287
- RHSA-2019:3299
- RHSA-2019:3299
- RHSA-2019:3300
- RHSA-2019:3300
- RHSA-2019:3724
- RHSA-2019:3724
- RHSA-2019:3735
- RHSA-2019:3735
- RHSA-2019:3736
- RHSA-2019:3736
- RHSA-2020:0322
- RHSA-2020:0322
- https://bugs.php.net/bug.php?id=78599
- https://bugs.php.net/bug.php?id=78599
- https://github.com/neex/phuip-fpizdam
- https://github.com/neex/phuip-fpizdam
- FEDORA-2019-187ae3128d
- FEDORA-2019-187ae3128d
- FEDORA-2019-7bb07c3b02
- FEDORA-2019-7bb07c3b02
- FEDORA-2019-4adc49a476
- FEDORA-2019-4adc49a476
- 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
- 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra
- https://security.netapp.com/advisory/ntap-20191031-0003/
- https://security.netapp.com/advisory/ntap-20191031-0003/
- https://support.apple.com/kb/HT210919
- https://support.apple.com/kb/HT210919
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K75408500?utm_source=f5support&%3Butm_medium=RSS
- USN-4166-1
- USN-4166-1
- USN-4166-2
- USN-4166-2
- DSA-4552
- DSA-4552
- DSA-4553
- DSA-4553
- https://www.synology.com/security/advisory/Synology_SA_19_36
- https://www.synology.com/security/advisory/Synology_SA_19_36
- https://www.tenable.com/security/tns-2021-14
- https://www.tenable.com/security/tns-2021-14