
CVE-2019-11043 : Security Advisory and Response

Learn about CVE-2019-11043, a vulnerability in PHP versions 7.1.x, 7.2.x, and 7.3.x allowing remote code execution. Find mitigation steps and impact details here.

PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 are vulnerable to a remote code execution (RCE) exploit through certain FPM configurations.

Understanding CVE-2019-11043

This CVE involves an underflow vulnerability in PHP-FPM that can potentially lead to remote code execution.

What is CVE-2019-11043?

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11, a specific FPM setup configuration allows the FPM module to overwrite allocated buffers, enabling potential RCE.

The Impact of CVE-2019-11043

        CVSS Base Score: 8.7 (High)
        Attack Vector: Network
        Attack Complexity: High
        Privileges Required: None
        Confidentiality, Integrity Impact: High
        Scope: Changed
        User Interaction: None

Technical Details of CVE-2019-11043

Vulnerability Description

The vulnerability in PHP-FPM allows attackers to write past allocated buffers into reserved space for FCGI protocol data, creating an opportunity for remote code execution.

Affected Systems and Versions

        PHP 7.1.x versions below 7.1.33
        PHP 7.2.x versions below 7.2.24
        PHP 7.3.x versions below 7.3.11

Exploitation Mechanism

This vulnerability can be triggered remotely against servers running the PHP versions listed above whose FPM setup uses the affected configuration; no credentials or user interaction are required.

Mitigation and Prevention

Immediate Steps to Take

        Configure web servers such as nginx to check that the requested script actually exists on disk before passing the request to PHP-FPM.
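The following nginx configuration is an added example, not part of this advisory or of the PHP project's own documentation. It shows a typical PHP-FPM location block before and after adding the existence check described above; the server name, document root and FPM socket path are placeholders chosen for illustration.

```nginx
# Added example (not from the advisory): a PHP-FPM location block before and
# after adding the "does the target file exist?" check. Hostname, document
# root and the FPM socket path are assumed values for illustration only.

server {
    listen 80;
    server_name example.test;            # placeholder host name
    root /var/www/html;                  # assumed document root

    # BEFORE: every request ending in .php is handed to PHP-FPM as long as
    # the regex matches, whether or not the script exists on disk.
    #
    # location ~ [^/]\.php(/|$) {
    #     fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_param PATH_INFO $fastcgi_path_info;
    #     fastcgi_pass unix:/run/php/php7.3-fpm.sock;
    #     include fastcgi_params;
    # }

    # AFTER: nginx returns 404 itself when the script is missing, so such
    # requests never reach PHP-FPM.
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # try_files re-evaluates the request and can clear $fastcgi_path_info,
        # so keep a copy of the PATH_INFO capture first.
        set $path_info $fastcgi_path_info;

        # Serve 404 unless the script part of the URI maps to a real file.
        try_files $fastcgi_script_name =404;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_pass unix:/run/php/php7.3-fpm.sock;   # assumed socket path
        include fastcgi_params;
    }
}
```

If the site does not rely on PATH_INFO at all, the simpler `try_files $uri =404;` achieves the same effect. After editing, run `nginx -t` to validate the configuration and reload the server; the check is a hardening measure and does not replace upgrading PHP to a fixed version.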

Long-Term Security Practices

        Regularly update PHP to the latest secure versions.
        Implement secure coding practices to prevent buffer overflows.

Patching and Updates

        Apply relevant patches and updates provided by PHP to address this vulnerability.
