dcsimg
 

Testing CVE-2019-11043 (php-fpm security vulnerability) with LXD system containers

Thursday Oct 31st 2019 by Simos

CVE-2019-11043 is a buffer overflow in php-fpm that under certain conditions, can lead to remote execution.

CVE-2019-11043 is a buffer overflow in php-fpm that under certain conditions, can lead to remote execution. There is an exploit at PHuiP-FPizdaM that targets certain nginx and php-fpm configurations. On their page, they describe how to use Docker to test this exploit. In this post, we use LXD to test the exploit and verify whether it actually works.

Complete Story

Home
Mobile Site | Full Site