CVE-2019-9637

Description

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to access the data.

CVSS Metrics

• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 9.87%• Percentile: 93%

Techniques & Countermeasures

• CWE-264•Permissions, Privileges, and Access Controls

  Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 16.04 | 18.04 | 18.10

• debian•debian_linux

  8.0 | 9.0

• netapp•storage_automation_store

  na

• opensuse•leap

  42.3

• Unknown•PHP

  < 7.1.27 | ≥ 7.2.0, < 7.2.16 | ≥ 7.3.0, < 7.3.3

References (15)

• https://www.debian.org/security/2019/dsa-4403
• https://bugs.php.net/bug.php?id=77630
• https://usn.ubuntu.com/3922-1/
• https://support.f5.com/csp/article/K53825211
• https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html
• https://usn.ubuntu.com/3922-2/
• https://usn.ubuntu.com/3922-3/
• http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00104.html
• https://security.netapp.com/advisory/ntap-20190502-0007/
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00041.html
• http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00044.html
• https://access.redhat.com/errata/RHSA-2019:2519
• https://access.redhat.com/errata/RHSA-2019:3299
• https://www.tenable.com/security/tns-2019-07