CVE 2008-1614
suPHP before 0.6.3 allows local users to gain privileges via (1) a race condition that involves multiple symlink changes to point a file owned by a different user, or (2) a symlink to the directory of a different user, which is used to determine privileges.
Related bugs and status
CVE-2008-1614 (Candidate) is related to these bugs:
Bug #216245: [CVE-2008-1614] privilege escalation via symlink attack
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu) | High | Fix Released | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu Dapper) | Undecided | Won't Fix | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu Edgy) | Undecided | Won't Fix | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu Gutsy) | Undecided | Won't Fix | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu Hardy) | High | Fix Released | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Ubuntu Feisty) | Undecided | Won't Fix | ||
216245 | [CVE-2008-1614] privilege escalation via symlink attack | suphp (Debian) | Unknown | Fix Released |
Bug #253268: php5-cgi not working with suphp in Hardy
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
253268 | php5-cgi not working with suphp in Hardy | suphp (Ubuntu) | Undecided | Fix Released | ||
253268 | php5-cgi not working with suphp in Hardy | php5 (Ubuntu) | Undecided | Won't Fix | ||
253268 | php5-cgi not working with suphp in Hardy | suphp (Debian) | Unknown | Fix Released | ||
253268 | php5-cgi not working with suphp in Hardy | php5 (Ubuntu Hardy) | Undecided | Won't Fix | ||
253268 | php5-cgi not working with suphp in Hardy | suphp (Ubuntu Hardy) | Undecided | Won't Fix |
See the
CVE page on Mitre.org
for more details.