10-Year-Old PHP-FPM Local Privilege Escalation Vulnerability Discovered

The vulnerability affects only systems that have PHP-FPM enabled in their configuration.

PHP is one of the most commonly used programming languages on the planet. As you know, it is a programming language originally designed for building web applications that produce HTML content.

PHP powers 78.4% of the web, including popular content management systems like WordPress, Drupal, and Joomla. The main reason behind this is PHP’s open-source nature, lightweight structure, and developer-friendly yet powerful features. 

Security researchers are warning that a PHP-FPM local privilege escalation vulnerability in PHP could put millions of websites at risk. The vulnerability allows the root FPM process to read/write at arbitrary locations using pointers located in the SHM (shared memory), leading to a privilege escalation from www-data to root. The flaw has been present in the code for 10 years.


What are the affected PHP versions? This is possible in PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP-FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users.

Just for your information, here’s the percentage of PHP versions being used worldwide as of July, 2021.

PHP versions usage as of July, 2021

If you’re wondering whether you are vulnerable, here’s the answer. If you are using Apache and PHP, you might be using PHP-FPM. To be sure, check on your server whether Apache runs PHP as a module (mod_php) or via PHP-FPM. However, if you’re using NGINX and PHP, you are using PHP-FPM, because NGINX has no PHP module of its own. Therefore you are vulnerable if you run one of the affected versions.
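A quick local check of the preconditions the article lists (an affected version, an FPM master running as root, workers running as a lower-privileged user, and whether Apache serves PHP via mod_php or via FPM) can be scripted. The following is an added example and is not code from the original article or from the PHP project; the php-fpm binary names, the Apache module names (php7_module / php_module / proxy_fcgi_module) and the `ps` column layout are assumptions about typical Debian/Ubuntu hosts.

```shell
#!/bin/sh
# Added example, not from the original article or from the PHP project.
# Checks the preconditions the article lists: an affected PHP-FPM version,
# an FPM master process owned by root, and worker processes owned by a
# lower-privileged user such as www-data. Binary names, module names and
# ps column layout are assumptions about typical Debian/Ubuntu hosts.

# Succeed (exit 0) when "major.minor.patch" falls in the affected ranges:
# 7.3.0 through 7.3.31, 7.4.x below 7.4.25, 8.0.x below 8.0.12.
php_fpm_version_affected() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.} ;;
        *)   patch=0 ;;
    esac
    patch=${patch%%[!0-9]*}        # drop suffixes such as "-1ubuntu1" or "RC2"
    [ -z "$patch" ] && patch=0
    case "$major.$minor" in
        7.3) [ "$patch" -le 31 ] ;;
        7.4) [ "$patch" -lt 25 ] ;;
        8.0) [ "$patch" -lt 12 ] ;;
        *)   return 1 ;;
    esac
}

# Read a process listing of the form "user command args..." on stdin and
# succeed when it shows a php-fpm process owned by root (the master) together
# with php-fpm processes owned by some other user (the workers).
fpm_root_master_with_unprivileged_workers() {
    awk '$2 ~ /^php-fpm/ && $1 == "root" { master = 1 }
         $2 ~ /^php-fpm/ && $1 != "root" { worker = 1 }
         END { exit !(master && worker) }'
}

# Classify how Apache serves PHP from its loaded-module list on stdin
# (e.g. the output of "apachectl -M"): in-process mod_php, a FastCGI proxy
# to FPM, or unknown when neither module is loaded.
apache_php_mode() {
    awk '/php[0-9_]*_module/ { modphp = 1 }
         /proxy_fcgi_module/ { fcgi = 1 }
         END { if (modphp) print "mod_php";
               else if (fcgi) print "proxy_fcgi";
               else print "unknown" }'
}

# Live check of this host: prints findings and exits 0 only when the host
# matches the vulnerable setup (affected version plus root master and
# unprivileged workers actually running).
run_host_check() {
    fpm_bin=
    for b in php-fpm php-fpm8.0 php-fpm7.4 php-fpm7.3; do   # assumed binary names
        if command -v "$b" >/dev/null 2>&1; then fpm_bin=$b; break; fi
    done
    if [ -z "$fpm_bin" ]; then
        echo "no php-fpm binary found; PHP-FPM does not appear to be installed"
        return 1
    fi
    # "php-fpm -v" prints a line like "PHP 7.4.24 (fpm-fcgi) (built: ...)"
    ver=$("$fpm_bin" -v 2>/dev/null | sed -n 's/^PHP \([0-9.]*\).*/\1/p')
    echo "php-fpm version: $ver"
    if ! php_fpm_version_affected "$ver"; then
        echo "version is not in the affected ranges"
        return 1
    fi
    if command -v apachectl >/dev/null 2>&1; then
        echo "apache php mode: $(apachectl -M 2>/dev/null | apache_php_mode)"
    fi
    if ps -eo user=,comm=,args= | fpm_root_master_with_unprivileged_workers; then
        echo "root php-fpm master with unprivileged workers is running: update now"
        return 0
    fi
    echo "no root php-fpm master with unprivileged workers found"
    return 1
}

# Run the live check only when invoked with --host, so the functions above
# can also be sourced and reused from other scripts.
if [ "${1:-}" = "--host" ]; then run_host_check; fi
```

Run it as `sh check-fpm.sh --host` on the server in question. An exit status of 0 means all three conditions hold and the update described below applies; a non-zero status with the printed reason tells you which precondition is missing. The version parser deliberately tolerates distribution suffixes such as `7.4.3-4ubuntu2`, since distribution packages often backport the fix without bumping the upstream version, so treat a positive result as a prompt to check the package changelog rather than as proof of exploitability.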

Luckily, this vulnerability was fixed in PHP versions 8.0.12 and 7.4.25. So if you are running a vulnerable version of PHP-FPM, please update immediately to the highest version in your release branch.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

3 Comments

  1. In the bug report, there wasn’t any exploit provided. Just a bad implementation pointed out and a theoretical scenario. However, it has to be patched, indeed.
