Linux Today: Linux News On Internet Time.

Testing CVE-2019-11043 (php-fpm security vulnerability) with LXD system containers

Oct 31, 2019, 14:00 (0 Talkback[s])
(Other stories by Simos)

CVE-2019-11043 is a buffer overflow in php-fpm that under certain conditions, can lead to remote execution. There is an exploit at PHuiP-FPizdaM that targets certain nginx and php-fpm configurations. On their page, they describe how to use Docker to test this exploit. In this post, we use LXD to test the exploit and verify whether it actually works.

Complete Story