CVE-2018-10545

Description

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.

CVSS Metrics

• v3.0•MEDIUM•Score: 4.7CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
• v2.0•LOW•Score: 1.9AV:L/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.05%• Percentile: 17%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 16.04 | 17.10 | 18.04

• debian•debian_linux

  7.0 | 8.0 | 9.0

• netapp•storage_automation_store

  na

• Unknown•PHP

  < 5.6.35 | ≥ 7.0.0, < 7.0.29 | ≥ 7.1.0, < 7.1.16 | ≥ 7.2.0, < 7.2.4

References (13)

• https://bugs.php.net/bug.php?id=75605
• https://usn.ubuntu.com/3646-2/
• http://www.securityfocus.com/bid/104022
• https://www.debian.org/security/2018/dsa-4240
• https://www.tenable.com/security/tns-2018-12
• https://usn.ubuntu.com/3646-1/
• http://php.net/ChangeLog-5.php
• https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html
• http://php.net/ChangeLog-7.php
• https://security.gentoo.org/glsa/201812-01
• https://security.netapp.com/advisory/ntap-20180607-0003/
• https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html
• https://access.redhat.com/errata/RHSA-2019:2519