Published: 02/04/2008 Updated: 08/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 6.4 | Exploitability Score: 3.1

VMScore: 383

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

suPHP prior to 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sebastian marsching suphp

It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users For the stable distribution (etch), this problem has been fixed in version 062-1+etch0 For the unstable distribution (sid), this problem will be fixed soon We recommend that ...

CWE-264 http://lists.marsching.biz/pipermail/suphp/2008-March/001750.html http://secunia.com/advisories/29615 http://www.debian.org/security/2008/dsa-1550 http://www.securityfocus.com/bid/28568 http://secunia.com/advisories/29872 https://bugzilla.redhat.com/show_bug.cgi?id=439687 http://secunia.com/advisories/29648 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00075.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00014.html http://www.vupen.com/english/advisories/2008/1073/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41582 https://www.debian.org/security/./dsa-1550 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1614

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect