
php-fpm master process restarts child processes in an endless loop when using program execution functions (CVE-2015-9253)

Abstract

When a PHP script calls one of the program execution functions (passthru(), exec(), shell_exec(), system(), ...) while its STDIN stream is set to non-blocking, the php-fpm master process restarts the child process in an endless loop. The master then consumes 100% CPU and writes an error message for every restart, so the error log grows as fast as the CPU allows and quickly exhausts the available storage space.

Credit

Andreas Schnederle-Wagner, 16.02.2018, and others (see the linked PHP bug reports)

Contact

For feedback or questions about this advisory mail me at schnederle@futureweb.at

Affected Software

PHP

Tested versions

5.4 - 7.2.2 (earlier versions are most likely also affected)

CVE ID

CVE-2015-9253

CWE ID

CWE-835, CWE-674, CWE-400

Attack Type, Impact

Infinite loop (CWE-835) / uncontrolled recursion (CWE-674) in the child restart logic, resulting in uncontrolled resource consumption (CWE-400): 100% CPU usage by the php-fpm master and storage space exhaustion through the error log

Access Complexity, Authentication

Very low; the attacker only needs to be able to execute PHP code under php-fpm, e.g. as a customer with an account on a shared hosting server. No further authentication is required.

Fix

Fixed in:
7.2.8
7.1.20
7.3.0alpha3

Introduction

PHP is a server-side scripting language designed for web development but also used as a general-purpose programming language.

Details

Any customer able to run PHP code on a shared hosting server can use this bug to deny service to the whole server: the php-fpm master process consumes 100% CPU and the endlessly repeated child restart messages fill the error log until all available disk space is exhausted. Because the affected process is the shared php-fpm master rather than the customer's own pool worker, the impact is not confined to the pool in which the triggering script ran.
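The two checks a hosting operator would want at this point, written as an added example in Python (this is not code from the advisory, from its author or from the PHP project): a version check against the fixed versions the advisory lists (7.1.20, 7.2.8, 7.3.0alpha3), and a scan of php-fpm error-log lines for the symptom, a burst of "child N started" messages for one pool within a single second. The log lines are constructed for the example, not captured from an incident; the detection threshold of 10 starts per second is an assumption, not a value from the advisory.

```python
"""Added example (not part of the futureweb advisory or of PHP itself): two checks
for CVE-2015-9253.

1. is_vulnerable(): compares a PHP version string against the fixed versions the
   advisory lists (7.1.20, 7.2.8, 7.3.0alpha3).
2. detect_restart_storm(): scans php-fpm error-log lines for the symptom, many
   "child N started" messages for one pool within a single second.
The sample log lines are constructed for this example, not captured from an incident.
"""
import re
from collections import Counter
from datetime import datetime

# Fixed versions as listed in the advisory. Branches below 7.1 (5.4 onward were
# tested and affected) got no fix release; branches after 7.3 were cut after the fix.
FIXED_IN = ("7.1.20", "7.2.8", "7.3.0alpha3")

# Pre-release stages ordered as PHP's version_compare() does: alpha < beta < RC < final.
PRE_RELEASE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
FINAL_RANK = len(PRE_RELEASE_RANK)

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-?(alpha|beta|RC)(\d+)?)?$", re.IGNORECASE)


def parse_version(version):
    """'7.3.0alpha3' -> (7, 3, 0, 0, 3); '7.3.0' -> (7, 3, 0, 3, 0). Tuples compare correctly."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    stage, number = m.group(4), m.group(5)
    rank = PRE_RELEASE_RANK[stage.lower()] if stage else FINAL_RANK
    return (major, minor, patch, rank, int(number) if number else 0)


def is_vulnerable(version):
    """True if this PHP version predates the fix for CVE-2015-9253 on its release branch."""
    v = parse_version(version)
    fixed_by_branch = {parse_version(f)[:2]: parse_version(f) for f in FIXED_IN}
    branch = v[:2]
    if branch in fixed_by_branch:
        return v < fixed_by_branch[branch]
    return branch < (7, 1)  # older branches: never fixed; 7.4 and later: fixed


# Default php-fpm error_log line shape, e.g.
# [16-Feb-2018 10:00:00] NOTICE: [pool www] child 20001 started
LOG_RE = re.compile(
    r"^\[(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\] "
    r"(?P<level>[A-Z]+): \[pool (?P<pool>[^\]]+)\] child (?P<pid>\d+) (?P<event>started|exited\b.*)$"
)


def detect_restart_storm(lines, max_starts_per_second=10):
    """Return the pools in which more than max_starts_per_second children were started
    within one wall-clock second (threshold is an assumption for this example)."""
    starts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("event") == "started":
            second = datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S")
            starts[(m.group("pool"), second)] += 1
    return sorted({pool for (pool, _), n in starts.items() if n > max_starts_per_second})


def build_sample_log():
    """Constructed sample: pool 'www' churns 40 children in one second (the CVE symptom),
    pool 'shop' starts two children normally."""
    ts = "16-Feb-2018 10:00:00"
    lines = []
    for i in range(40):
        pid = 20000 + 2 * i
        lines.append(f"[{ts}] WARNING: [pool www] child {pid} exited with code 0 "
                     f"after 0.000210 seconds from start")
        lines.append(f"[{ts}] NOTICE: [pool www] child {pid + 1} started")
    lines.append(f"[{ts}] NOTICE: [pool shop] child 31000 started")
    lines.append(f"[{ts}] NOTICE: [pool shop] child 31001 started")
    return lines


if __name__ == "__main__":
    for v in ("7.2.2", "7.2.8", "7.3.0alpha2", "7.3.0alpha3", "5.6.40"):
        print(f"PHP {v}: {'vulnerable' if is_vulnerable(v) else 'fixed'}")
    print("restart storm in pools:", detect_restart_storm(build_sample_log()))
```

Two caveats when using the log check: a pool with pm = dynamic or a large pm.start_servers legitimately starts several children in the same second when the service starts, so evaluate a sustained window rather than a single second and confirm against the master process's CPU usage; and the regex matches the default php-fpm error_log format only, so adapt it if log_format or a syslog prefix is in use.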

Proof of concept

Source

https://bugs.php.net/bug.php?id=75968
https://bugs.php.net/bug.php?id=70185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9253

https://nvd.nist.gov/vuln/detail/CVE-2015-9253
https://vuldb.com//?id.113566
https://access.redhat.com/security/cve/cve-2015-9253
