UBUNTU-CVE-2015-5723

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2015-5723

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5723.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-5723

Related

CVE-2015-5723

Published

2016-06-07T14:06:00Z

Modified

2016-06-07T14:06:00Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

References

Affected packages

Ubuntu:16.04:LTS / doctrine

Package

Name: doctrine
Purl: pkg:deb/ubuntu/doctrine?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.8-2

Affected versions

2.*

2.4.7-2

2.4.8-1

2.4.8-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.4.8-2",
            "binary_name": "doctrine-orm-doc"
        },
        {
            "binary_version": "2.4.8-2",
            "binary_name": "php-doctrine-orm"
        }
    ]
}

Ubuntu:16.04:LTS / php-doctrine-annotations

Package

Name: php-doctrine-annotations
Purl: pkg:deb/ubuntu/php-doctrine-annotations?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.7-1build1

Affected versions

1.*

1.2.6-1

1.2.7-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.2.7-1build1",
            "binary_name": "php-doctrine-annotations"
        }
    ]
}

Ubuntu:16.04:LTS / php-doctrine-cache

Package

Name: php-doctrine-cache
Purl: pkg:deb/ubuntu/php-doctrine-cache?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0-1ubuntu2

Affected versions

1.*

1.4.1-1

1.4.2-1

1.4.3-1

1.5.4-1

1.6.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.0-1ubuntu2",
            "binary_name": "php-doctrine-cache"
        }
    ]
}

Ubuntu:16.04:LTS / php-doctrine-common

Package

Name: php-doctrine-common
Purl: pkg:deb/ubuntu/php-doctrine-common?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.3-1ubuntu1

Affected versions

2.*

2.4.2-3

2.4.3-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.4.3-1ubuntu1",
            "binary_name": "php-doctrine-common"
        }
    ]
}

Ubuntu:18.04:LTS / php-doctrine-annotations

Package

Name: php-doctrine-annotations
Purl: pkg:deb/ubuntu/php-doctrine-annotations?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.0really1.2.7-1

Affected versions

1.*

1.2.7-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.0really1.2.7-1",
            "binary_name": "php-doctrine-annotations"
        }
    ]
}