[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
The attachment "Official upstream patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
** Bug watch added: bugs.php.net/ #67060 http://bugs.php.net/bug.php?id=67060 ** Also affects: php via http://bugs.php.net/bug.php?id=67060 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
This bug was fixed in the package php5 - 5.5.3+dfsg-1ubuntu2.4 --- php5 (5.5.3+dfsg-1ubuntu2.4) saucy-security; urgency=medium * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) - debian/patches/CVE-2014-0185.patch: default to 0660 in sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in. - CVE-2014-0185 * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info - debian/patches/CVE-2014-0237.patch: remove file_printf calls in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0237 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-0238.patch: fix infinite loop in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0238 * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record parsing - debian/patches/CVE-2014-4049.patch: check length in ext/standard/dns.c. - CVE-2014-4049 -- Marc DeslauriersThu, 19 Jun 2014 13:33:33 -0400 ** Changed in: php5 (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0185 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0237 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-0238 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2014-4049 ** Changed in: php5 (Ubuntu) Status: Triaged => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.12 --- php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) - debian/patches/CVE-2014-0185.patch: default to 0660 in sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in. - CVE-2014-0185 * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info - debian/patches/CVE-2014-0237.patch: remove file_printf calls in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0237 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-0238.patch: fix infinite loop in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0238 * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record parsing - debian/patches/CVE-2014-4049.patch: check length in ext/standard/dns.c. - CVE-2014-4049 -- Marc DeslauriersThu, 19 Jun 2014 13:44:17 -0400 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
I'm worried this fix might be broken: I upgraded php5-fpm on my 14.04 system, and the socket was changed to root:root rather than root:www- data, so nginx could no longer connect to it. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
Yep, reproduced it on another system. Temporary fix: sudo chown :www-data /var/run/php5-fpm.sock Configuration fix: Uncomment "listen.group = www-data" in /etc/php5/fpm/pool.d/www.conf -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1307027] Re: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets
A fix for the socket permissions is being handled in bug 1334337 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/1307027 Title: php5-fpm: Possible privilege escalation due to insecure default permissions of sockets To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1307027/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
