The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2013-03-21T17:00:00
Updated: 2024-08-06T15:04:48.266Z
Reserved: 2013-01-26T00:00:00
Link: CVE-2013-1427
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-03-21T17:55:03.117
Modified: 2017-08-29T01:33:09.447
Link: CVE-2013-1427
Redhat
No data.