Bug 2016535 (CVE-2021-21703)
Summary: | CVE-2021-21703 php: Local privilege escalation via PHP-FPM |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Pedro Sampaio <psampaio> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
CC: | fedora, hhorak, jdreese, jorton, mark, rcollet, seferovic |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
Fixed In Version: | php 7.4.25, php 8.0.12 |
Doc Text: | php-fpm has a vulnerability which may lead to local privilege escalation. This vulnerability is hard to exploit as the attack needs to escape the FPM sandbox mechanism. When a complete attack is achieved it may lead to risk for confidentiality, data integrity, and system availability. |
Last Closed: | 2022-05-12 01:15:16 UTC |
Bug Depends On: | 2017111, 2017129, 2018202, 2018203, 2018204, 2100754 |
Bug Blocks: | 2016537 |
Description
Pedro Sampaio
2021-10-21 20:27:32 UTC
Created php tracking bugs for this issue:

Affects: fedora-all [bug 2017129]

Upstream patch for this issue:

https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b

Currently PHP has a flaw in the FPM scoreboard mechanism which, when leveraged by an attacker, can lead to local privilege escalation. Currently PHP maintains several per-worker scoreboard-related structures accessed indirectly by pointers to a shared memory mapping. If an attacker manages to escape the FPM sandbox and overwrite those values, they may gain control over these structures, leading to a possible privilege escalation. Such an attack is high in complexity as, to be successful, the attacker needs to first chain it with a sandbox escape exploit or have access to the PHP host.

Hi, any info on when an errata will be published for this flaw? TIA!

Can you please provide an update as to whether this will be fixed? Specifically, when do you expect this to be corrected in Red Hat Software Collections (rh-php73-php)? See https://access.redhat.com/security/cve/cve-2021-21703. Thank you!

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8

Via RHSA-2022:1935 https://access.redhat.com/errata/RHSA-2022:1935

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-21703

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2022:5491 https://access.redhat.com/errata/RHSA-2022:5491