[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

PHP - (bulletinapr2018)

ID: oval:org.secpod.oval:def:2101920Date: (C)2020-01-02   (M)2022-10-10
Class: PATCHFamily: unix




An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user"s PHP applications by running gcore on the PID of the PHP-FPM worker process.

Platform:
Sun Solaris 11
Product:
web/php-71
web/php-56
Reference:
bulletinapr2018
CVE-2018-10545
CVE-2018-10546
CVE-2018-10547
CVE-2018-10548
CVE-2018-10549
CVE    5
CVE-2018-10546
CVE-2018-10545
CVE-2018-10549
CVE-2018-10548
...
CPE    1
cpe:/o:oracle:solaris:11

© SecPod Technologies