This article reveals a privilege escalation vulnerability affecting PHP-FPM. The vulnerability allows a low-privilege user (such as www-data) to escalate his privileges to root using a bug in PHP-FPM, which has been present for 10 years.
Overview of the bug
A low-privilege process can read and write an array of pointers used by the main process, running as root, through shared memory. An attacker can leverage this problem to change a 32-bit integer from zero to one in the main process’s memory, or clear a memory region. By leveraging the primitive multiple times, it is possible to reach another bug, make the main process execute code, and thus escalate privileges.
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings