CVE-2021-21703
Summary
| CVE | CVE-2021-21703 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-10-25 06:15:00 UTC |
| Updated | 2023-11-07 03:30:00 UTC |
| Description | In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Netapp | Clustered Data Ontap | - | All | All | All |
| Application | Oracle | Communications Diameter Signaling Router | All | All | All | All |
| Application | Php | Php | All | All | All | All |
| Application | Php | Php | All | All | All | All |
| Application | Php | Php | All | All | All | All |
| Application | Php | Php | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 33 Update: php-7.4.25-1.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| PHP: Multiple Vulnerabilities (GLSA 202209-20) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 34 Update: php-7.4.25-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| Debian -- Security Information -- DSA-4993-1 php7.3 | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 34 Update: php-7.4.25-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] [DLA 2794-1] php7.0 security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 35 Update: php-8.0.12-2.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Oracle Critical Patch Update Advisory - January 2022 | MISC | www.oracle.com | |
| [SECURITY] Fedora 33 Update: php-7.4.25-1.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 35 Update: php-8.0.12-2.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Debian -- Security Information -- DSA-4992-1 php7.4 | DEBIAN | www.debian.org | |
| PHP :: Sec Bug #81026 :: PHP-FPM oob R/W in root process leading to privilege escalation | MISC | bugs.php.net | |
| CVE-2021-21703 PHP Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| oss-security - CVE-2021-21703: PHP-FPM 5.3.7 <= 8.0.12 Local Root | MLIST | www.openwall.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Reported by Charles Fol
Legacy QID Mappings
- 159834 Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2022-1935)
- 178828 Debian Security Update for php7.3 (DSA 4993-1)
- 178830 Debian Security Update for php7.4 (DSA 4992-1)
- 178872 Debian Security Update for php7.0 (DLA 2794-1)
- 198553 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerability (USN-5125-1)
- 240318 Red Hat Update for php:7.4 (RHSA-2022:1935)
- 240535 Red Hat Update for rh-php73-php (RHSA-2022:5491)
- 282020 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-9f68f5f752)
- 282021 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2021-4140b54de2)
- 296066 Oracle Solaris 11.4 Support Repository Update (SRU) 40.107.3 Missing (CPUOCT2021)
- 376959 NetApp Clustered Data Open Network Technology for Appliance Products (ONTAP) Disclosure of Sensitive Information Vulnerability (NTAP-20211118-0003)
- 38870 Hypertext Preprocessor (PHP) Privilege Escalation Vulnerability
- 501145 Alpine Linux Security Update for php7
- 501664 Alpine Linux Security Update for php7
- 501667 Alpine Linux Security Update for php8
- 502332 Alpine Linux Security Update for php81
- 671152 EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2021-2810)
- 710633 Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202209-20)
- 751383 SUSE Enterprise Linux Security Update for php72 (SUSE-SU-2021:3727-1)
- 751385 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2021:3726-1)
- 751467 OpenSUSE Security Update for php7 (openSUSE-SU-2021:3943-1)
- 751513 OpenSUSE Security Update for php7 (openSUSE-SU-2021:1570-1)
- 751772 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:0679-1)
- 751779 OpenSUSE Security Update for php7 (openSUSE-SU-2022:0679-1)
- 752878 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4067-1)
- 752898 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)
- 752901 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)
- 753325 SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:3661-1)
- 901247 Common Base Linux Mariner (CBL-Mariner) Security Update for Hypertext Preprocessor (PHP) (7325)
- 940552 AlmaLinux Security Update for php:7.4 (ALSA-2022:1935)
- 960280 Rocky Linux Security Update for php:7.4 (RLSA-2022:1935)