CVE-2018-10545

LOW

Description

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.

References

http://php.net/ChangeLog-5.php

http://php.net/ChangeLog-7.php

http://www.securityfocus.com/bid/104022

https://access.redhat.com/errata/RHSA-2019:2519

https://bugs.php.net/bug.php?id=75605

https://lists.debian.org/debian-lts-announce/2018/05/msg00004.html

https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html

https://security.gentoo.org/glsa/201812-01

https://security.netapp.com/advisory/ntap-20180607-0003/

https://usn.ubuntu.com/3646-1/

https://usn.ubuntu.com/3646-2/

https://www.debian.org/security/2018/dsa-4240

https://www.tenable.com/security/tns-2018-12

Details

Source: MITRE

Published: 2018-04-29

Updated: 2019-08-19

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW

CVSS v3.0

Base Score: 4.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1

Severity: MEDIUM

Vulnerable Software

ID	Name	Product	Family	Severity
137966	EulerOS Virtualization 3.0.6.0 : php (EulerOS-SA-2020-1747)	Nessus	Huawei Local Security Checks	critical
132184	EulerOS 2.0 SP3 : php (EulerOS-SA-2019-2649)	Nessus	Huawei Local Security Checks	critical
131592	EulerOS 2.0 SP2 : php (EulerOS-SA-2019-2438)	Nessus	Huawei Local Security Checks	critical
129178	EulerOS 2.0 SP5 : php (EulerOS-SA-2019-1984)	Nessus	Huawei Local Security Checks	high
122591	PHP 5.6.x < 5.6.35 Security Bypass Vulnerability	Nessus	CGI abuses	low
98867	PHP 7.2.x < 7.2.4 Dumpable FPM Child Processes	Web Application Scanning	Component Vulnerability	low
98860	PHP 7.1.x < 7.1.17 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
98849	PHP 7.0.x < 7.0.30 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
120023	SUSE SLES12 Security Update : php5 (SUSE-SU-2018:1291-1)	Nessus	SuSE Local Security Checks	medium
120021	SUSE SLES12 Security Update : php7 (SUSE-SU-2018:1176-1)	Nessus	SuSE Local Security Checks	medium
119320	GLSA-201812-01 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
117672	Tenable SecurityCenter < 5.7.1 Multiple Vulnerabilities (TNS-2018-12)	Nessus	Misc.	high
110928	Debian DSA-4240-1 : php7.0 - security update	Nessus	Debian Local Security Checks	high
110697	Debian DLA-1397-1 : php5 security update	Nessus	Debian Local Security Checks	high
109878	openSUSE Security Update : php5 (openSUSE-2018-465)	Nessus	SuSE Local Security Checks	medium
109860	SUSE SLES11 Security Update : php53 (SUSE-SU-2018:1294-1)	Nessus	SuSE Local Security Checks	medium
109812	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : PHP vulnerabilities (USN-3646-1)	Nessus	Ubuntu Local Security Checks	medium
109714	openSUSE Security Update : php7 (openSUSE-2018-441)	Nessus	SuSE Local Security Checks	medium
109657	Debian DLA-1373-1 : php5 security update	Nessus	Debian Local Security Checks	medium
109579	PHP 7.2.x < 7.2.5 Stack Buffer Overflow	Nessus	CGI abuses	medium
109578	PHP 7.1.x < 7.1.17 Multiple Vulnerabilities	Nessus	CGI abuses	medium
109577	PHP 7.0.x < 7.0.30 Multiple Vulnerabilities	Nessus	CGI abuses	medium

CVE-2018-10545

LOW

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Tenable Plugins

critical

critical

critical

high

low

low

medium

medium

medium

medium

medium

high

high

high

medium

medium

medium

medium

medium

medium

medium

medium