exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2021-21703

Status Candidate

Overview

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.

Related Files

Gentoo Linux Security Advisory 202209-20
Posted Sep 30, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202209-20 - Multiple vulnerabilities have been discovered in PHP, the worst of which could result in local root privilege escalation. Versions less than 7.4.30:7.4 are affected.

tags | advisory, local, root, php, vulnerability
systems | linux, gentoo
advisories | CVE-2021-21703, CVE-2021-21704, CVE-2021-21705, CVE-2021-21708, CVE-2022-31625, CVE-2022-31626, CVE-2022-31627
SHA-256 | 32033fadca7b14049c6a84194d227cf9986263bb6581ad379d00c7d51c73328c
Red Hat Security Advisory 2022-5491-01
Posted Jul 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.

tags | advisory, web, overflow, php, vulnerability
systems | linux, redhat
advisories | CVE-2021-21703, CVE-2021-21707, CVE-2022-31625, CVE-2022-31626
SHA-256 | 36e1c6ff0f104cd3b9632850a092a8a5455e29cb191ef477cb08e06cd0f97920
Red Hat Security Advisory 2022-1935-01
Posted May 11, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1935-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, privilege escalation, and server-side request forgery vulnerabilities.

tags | advisory, web, php, vulnerability
systems | linux, redhat
advisories | CVE-2021-21703, CVE-2021-21705
SHA-256 | 5ac37a20c66d6dd00fcf5f109c3261ba56a23ac26523e73dc2b13bec0d586020
Debian Security Advisory 4992-1
Posted Oct 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4992-1 - An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.

tags | advisory, local, root, php
systems | linux, debian
advisories | CVE-2021-21703
SHA-256 | 7eec7aed62e18b2dfec41e256af21cc45159a0fae6aba1c3dd50596c44e2a3b6
Debian Security Advisory 4993-1
Posted Oct 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4993-1 - An out-of-bounds read and write flaw was discovered in the PHP-FPM code, which could result in escalation of privileges from local unprivileged user to the root user.

tags | advisory, local, root, php
systems | linux, debian
advisories | CVE-2021-21703
SHA-256 | 868f99b2a929439d737bae2acf46f1a13320c4b591cc7b1b3f0ca81ca5a720c6
Ubuntu Security Notice USN-5125-1
Posted Oct 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5125-1 - It was discovered that PHP-FPM in PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code.

tags | advisory, arbitrary, php
systems | linux, ubuntu
advisories | CVE-2021-21703
SHA-256 | d21525acd8302ff0a222bb83d5aaf4626c4e5306cce80cee1e2e72aac37eef61
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close