PHP 5.5.x < 5.5.12 FPM Unix Socket Insecure Permission Escalation
Severity: High
Nessus Plugin ID: 73863
Synopsis
The remote web server uses a version of PHP that is potentially affected by a permission escalation vulnerability.
Description
According to its banner, the PHP 5.5.x installation on the remote host is a version prior to 5.5.12. It is, therefore, potentially affected by a permission escalation vulnerability.
A flaw exists within the FastCGI Process Manager (FPM) when setting permissions for a Unix socket. This could allow a remote attacker to gain elevated privileges after gaining access to the socket.
Note that this plugin has not attempted to exploit this issue, but instead relied only on PHP's self-reported version number.
Solution
Upgrade to PHP version 5.5.12 or later.
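Because the plugin relies only on the self-reported version, a local look at the FPM socket itself is a useful follow-up. The sketch below is an added example, not part of the plugin or of PHP: it repeats the banner comparison against 5.5.12 and then audits a socket's mode. The `PHP/x.y.z` banner format, the socket path and the "writable by others" audit rule are assumptions of this example.

```python
import os
import re
import stat

FIXED = (5, 5, 12)  # first fixed 5.5.x release named in the advisory

def banner_affected(banner):
    """True/False for a PHP version banner; None if no version is exposed."""
    m = re.search(r"PHP/(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        return None  # banner hidden (e.g. expose_php=Off): cannot decide
    ver = tuple(int(part) for part in m.groups())
    # Only the 5.5 branch is in scope, and only releases below 5.5.12.
    return ver[:2] == FIXED[:2] and ver < FIXED

def socket_findings(path):
    """List permission problems on an FPM listen socket (empty = none found)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return ["%s is not a Unix socket" % path]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # connect() on a Unix socket needs write permission on the socket file,
    # so the "other" write bit decides whether any local account can reach FPM.
    if mode & stat.S_IWOTH:
        findings.append("mode %04o lets any local user connect" % mode)
        parent = os.stat(os.path.dirname(os.path.abspath(path)))
        if not parent.st_mode & stat.S_IXOTH:
            findings.append("parent directory blocks traversal by others, "
                            "which currently limits the exposure")
    return findings

if __name__ == "__main__":
    # Constructed banners, as a web server might send in X-Powered-By.
    for b in ("PHP/5.5.11", "PHP/5.5.12", "PHP/5.4.28", "nginx"):
        print(b, "->", banner_affected(b))
    sock = "/var/run/php5-fpm.sock"  # hypothetical path; use the pool's listen value
    if os.path.exists(sock):
        print(socket_findings(sock) or "no permission findings")
```

Distribution packages may backport fixes without changing the reported version, so a flagged banner together with a clean socket audit is worth confirming against the vendor's package changelog.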