Bugzilla – Bug 1192050
VUL-0: CVE-2021-21703: php74,php5,php72,php53,php7: php: Local privilege escalation via PHP-FPM
Last modified: 2024-07-19 12:45:27 UTC
One can force the root FPM process to read/write at arbitrary locations using pointers located in the SHM, leading to a privilege escalation from www-data to root.
Upstream bug: https://bugs.php.net/bug.php?id=81026
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2016535
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21703
http://seclists.org/oss-sec/2021/q4/60
http://www.debian.org/security/-1/dsa-4993
http://www.debian.org/security/-1/dsa-4992
https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21703
http://www.cvedetails.com/cve/CVE-2021-21703/
https://bugs.php.net/bug.php?id=81026
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997003
https://ssd-disclosure.com/ssd-advisory-php-spldoublylinkedlist-uaf-sandbox-escape/
Affected packages:
- SUSE:SLE-11-SP3:Update/php53 5.3.17
- SUSE:SLE-12:Update/php5 5.5.14
- SUSE:SLE-12:Update/php7 7.0.7
- SUSE:SLE-12:Update/php72 7.2.5
- SUSE:SLE-12:Update/php74 7.4.6
- SUSE:SLE-15-SP2:Update/php7 7.4.6
- SUSE:SLE-15:Update/php7 7.2.5
- openSUSE:Factory/php7 7.4.24
Upstream patch: https://github.com/php/php-src/commit/cb2021e5f69da5e2868130a05bb53db0f9f89e4b
(In reply to Gabriele Sonnu from comment #1)
> - openSUSE:Factory/php7 7.4.24
This is already fixed: 7.4.25 is in Factory already. Also, 7.4.25 has been submitted into SUSE:SLE-15-SP4:GA.
https://build.suse.de/request/show/257194
(In reply to Gabriele Sonnu from comment #1)
> - SUSE:SLE-11-SP3:Update/php53 5.3.17
https://maintenance.suse.de/maintained/ for php53 does not show php53-fpm, so I think it is not supported.
> - SUSE:SLE-12:Update/php5 5.5.14
> - SUSE:SLE-12:Update/php7 7.0.7
As far as I know from https://confluence.suse.com/display/SLE/PHP these codestreams are not supported anymore. Please correct me if I am wrong.
Packages submitted in 15sp2,15/php7, 12/php74 and 12/php72.
SUSE-SU-2021:3726-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1192050
CVE References: CVE-2021-21703
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php74-7.4.6-1.27.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php74-7.4.6-1.27.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3727-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 1192050
CVE References: CVE-2021-21703
JIRA References:
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src): php72-7.2.5-1.72.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php72-7.2.5-1.72.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2021:3943-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1175508,1192050,1193041
CVE References: CVE-2021-21703,CVE-2021-21707
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): php7-7.4.6-3.29.1
SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): php7-7.4.6-3.29.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): php7-7.4.6-3.29.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src): php7-7.4.6-3.29.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2021:3943-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1175508,1192050,1193041
CVE References: CVE-2021-21703,CVE-2021-21707
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): php7-7.4.6-3.29.1, php7-test-7.4.6-3.29.1
openSUSE-SU-2021:1570-1: An update that solves two vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1175508,1192050,1193041
CVE References: CVE-2021-21703,CVE-2021-21707
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): php7-7.4.6-lp152.2.21.1, php7-test-7.4.6-lp152.2.21.1
openSUSE-SU-2022:0679-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1038980,1081790,1192050,1193041
CVE References: CVE-2015-9253,CVE-2017-8923,CVE-2021-21703,CVE-2021-21707
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): php7-7.2.5-4.89.4
SUSE-SU-2022:0679-1: An update that fixes four vulnerabilities is now available.
Category: security (moderate)
Bug References: 1038980,1081790,1192050,1193041
CVE References: CVE-2015-9253,CVE-2017-8923,CVE-2021-21703,CVE-2021-21707
JIRA References:
Sources used:
SUSE Linux Enterprise Server for SAP 15-SP1 (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise Server for SAP 15 (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise Server 15-SP1-LTSS (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise Server 15-SP1-BCL (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise Server 15-LTSS (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): php7-7.2.5-4.89.4
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): php7-7.2.5-4.89.4
SUSE Enterprise Storage 6 (src): php7-7.2.5-4.89.4
SUSE CaaS Platform 4.0 (src): php7-7.2.5-4.89.4
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3661-1: An update that solves three vulnerabilities, contains two features and has one errata is now available.
Category: security (important)
Bug References: 1192050,1200772,1203867,1203870
CVE References: CVE-2021-21703,CVE-2022-31628,CVE-2022-31629
JIRA References: SLE-23639,SLE-24723
Sources used:
openSUSE Leap 15.4 (src): apache2-mod_php8-8.0.24-150400.4.14.1, php8-8.0.24-150400.4.14.1, php8-embed-8.0.24-150400.4.14.1, php8-fastcgi-8.0.24-150400.4.14.1, php8-fpm-8.0.24-150400.4.14.1, php8-test-8.0.24-150400.4.14.1
SUSE Linux Enterprise Module for Web Scripting 15-SP4 (src): apache2-mod_php8-8.0.24-150400.4.14.1, php8-8.0.24-150400.4.14.1, php8-embed-8.0.24-150400.4.14.1, php8-fastcgi-8.0.24-150400.4.14.1, php8-fpm-8.0.24-150400.4.14.1, php8-test-8.0.24-150400.4.14.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration:
This bug (1192050) was mentioned in
https://build.opensuse.org/request/show/1113638 Factory / php8
All done, closing.