The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2013-03-21T17:00:00
Updated: 2017-08-28T12:57:01
Reserved: 2013-01-26T00:00:00
Link: CVE-2013-1427
JSON object: View
NVD Information
Status : Modified
Published: 2013-03-21T17:55:03.117
Modified: 2017-08-29T01:33:09.447
Link: CVE-2013-1427
JSON object: View
Redhat Information
No data.
CWE