PT-2014-1416 · Php+1 · Php+1
Published
2014-06-08
·
Updated
2023-01-19
·
CVE-2014-3981
CVSS v2.0
3.3
Low
| Vector | AV:L/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP versions 5.5.13 and earlier
Description
The issue allows a local user to overwrite arbitrary files by exploiting a symlink attack on the /tmp/phpglibccheck file. This is due to a vulnerability in acinclude.m4, which is used in the configure script in PHP.
Recommendations
For PHP versions 5.5.13 and earlier, consider restricting access to the /tmp/phpglibccheck file to prevent exploitation. As a temporary workaround, avoid using the configure script until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hp-Ux
Php