The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2013-03-21T17:00:00

Updated: 2024-08-06T15:04:48.266Z

Reserved: 2013-01-26T00:00:00

Link: CVE-2013-1427

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-03-21T17:55:03.117

Modified: 2017-08-29T01:33:09.447

Link: CVE-2013-1427

cve-icon Redhat

No data.