In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Debian
  • Debian Linux
Canonical
  • Ubuntu Linux
Php
  • Php

Configuration 1 [-]

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html
http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2020/Jan/40
https://access.redhat.com/errata/RHSA-2019:3286
https://access.redhat.com/errata/RHSA-2019:3287
https://access.redhat.com/errata/RHSA-2019:3299
https://access.redhat.com/errata/RHSA-2019:3300
https://access.redhat.com/errata/RHSA-2019:3724
https://access.redhat.com/errata/RHSA-2019:3735
https://access.redhat.com/errata/RHSA-2019:3736
https://access.redhat.com/errata/RHSA-2020:0322
https://bugs.php.net/bug.php?id=78599 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/neex/phuip-fpizdam Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/
https://seclists.org/bugtraq/2020/Jan/44
https://security.netapp.com/advisory/ntap-20191031-0003/
https://support.apple.com/kb/HT210919
https://support.f5.com/csp/article/K75408500?utm_source=f5support&amp%3Butm_medium=RSS
https://usn.ubuntu.com/4166-1/ Third Party Advisory
https://usn.ubuntu.com/4166-2/ Third Party Advisory
https://www.debian.org/security/2019/dsa-4552 Third Party Advisory
https://www.debian.org/security/2019/dsa-4553 Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_36
https://www.tenable.com/security/tns-2021-14
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: php

Published: 2019-10-22T00:00:00

Updated: 2021-07-22T17:07:18

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11043

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2019-10-28T15:15:13.863

Modified: 2023-11-07T03:02:37.927

Link: CVE-2019-11043

JSON object: View

cve-icon Redhat Information

No data.

CWE