Vulnerabilites related to phusion - passenger
cve-2018-12029
Vulnerability from cvelistv5
Published
2018-06-17 20:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.phusion.nl/passenger-5-3-2 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201807-02 | vendor-advisory, x_refsource_GENTOO | |
| https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:24:03.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root\u0027s crontab file allows privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root\u0027s crontab file allows privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.phusion.nl/passenger-5-3-2",
"refsource": "MISC",
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"name": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc",
"refsource": "MISC",
"url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1399-1] ruby-passenger security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12029",
"datePublished": "2018-06-17T20:00:00",
"dateReserved": "2018-06-07T00:00:00",
"dateUpdated": "2024-08-05T08:24:03.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12615
Vulnerability from cvelistv5
Published
2018-06-21 15:00
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-21T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8",
"refsource": "MISC",
"url": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12615",
"datePublished": "2018-06-21T15:00:00Z",
"dateReserved": "2018-06-21T00:00:00Z",
"dateUpdated": "2024-09-17T04:24:12.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-16355
Vulnerability from cvelistv5
Published
2017-12-14 22:00
Modified
2024-08-05 20:20
Severity ?
EPSS score ?
Summary
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ | x_refsource_CONFIRM | |
| https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf | x_refsource_CONFIRM | |
| https://www.debian.org/security/2019/dsa-4415 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/Mar/34 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:20:05.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
},
{
"name": "DSA-4415",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4415"
},
{
"name": "20190324 [SECURITY] [DSA 4415-1] passenger security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Mar/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-25T06:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
},
{
"name": "DSA-4415",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4415"
},
{
"name": "20190324 [SECURITY] [DSA 4415-1] passenger security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Mar/34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/",
"refsource": "CONFIRM",
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"name": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
},
{
"name": "DSA-4415",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4415"
},
{
"name": "20190324 [SECURITY] [DSA 4415-1] passenger security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Mar/34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16355",
"datePublished": "2017-12-14T22:00:00",
"dateReserved": "2017-11-01T00:00:00",
"dateUpdated": "2024-08-05T20:20:05.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10345
Vulnerability from cvelistv5
Published
2017-04-18 20:00
Modified
2024-09-16 23:00
Severity ?
EPSS score ?
Summary
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441 | x_refsource_CONFIRM | |
| https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:21:50.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-18T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"
},
{
"name": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10345",
"datePublished": "2017-04-18T20:00:00Z",
"dateReserved": "2017-04-18T00:00:00Z",
"dateUpdated": "2024-09-16T23:00:26.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4136
Vulnerability from cvelistv5
Published
2013-09-30 19:00
Modified
2024-09-17 03:38
Severity ?
EPSS score ?
Summary
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/phusion/passenger/blob/release-4.0.6/NEWS | x_refsource_CONFIRM | |
| https://code.google.com/p/phusion-passenger/issues/detail?id=910 | x_refsource_CONFIRM | |
| https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1136.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2013/07/16/6 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:49.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://code.google.com/p/phusion-passenger/issues/detail?id=910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b"
},
{
"name": "RHSA-2013:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"name": "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-30T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://code.google.com/p/phusion-passenger/issues/detail?id=910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b"
},
{
"name": "RHSA-2013:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"name": "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS"
},
{
"name": "https://code.google.com/p/phusion-passenger/issues/detail?id=910",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/phusion-passenger/issues/detail?id=910"
},
{
"name": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b"
},
{
"name": "RHSA-2013:1136",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"name": "[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4136",
"datePublished": "2013-09-30T19:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:39.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1832
Vulnerability from cvelistv5
Published
2015-02-19 15:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2014/01/29/6 | mailing-list, x_refsource_MLIST | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2014/01/30/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1058992 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html | vendor-advisory, x_refsource_FEDORA | |
| https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/6"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"name": "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-19T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/29/6"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"name": "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140129 Re: CVE request: temporary file issue in Passenger rubygem",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/29/6"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"name": "[oss-security] 20150130 Re: CVE request: temporary file issue in Passenger rubygem",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"name": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1832",
"datePublished": "2015-02-19T15:00:00",
"dateReserved": "2014-01-30T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12028
Vulnerability from cvelistv5
Published
2018-06-17 20:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.phusion.nl/passenger-5-3-2 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201807-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:24:03.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger\u0027s process manager. If the malicious application then generates an error, it would cause Passenger\u0027s process manager to kill said reported arbitrary PID."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger\u0027s process manager. If the malicious application then generates an error, it would cause Passenger\u0027s process manager to kill said reported arbitrary PID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.phusion.nl/passenger-5-3-2",
"refsource": "MISC",
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201807-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12028",
"datePublished": "2018-06-17T20:00:00",
"dateReserved": "2018-06-07T00:00:00",
"dateUpdated": "2024-08-05T08:24:03.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-1831
Vulnerability from cvelistv5
Published
2015-02-19 15:00
Modified
2024-08-06 09:50
Severity ?
EPSS score ?
Summary
Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 | x_refsource_CONFIRM | |
| https://github.com/phusion/passenger/commit/34b1087870c2 | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2014/01/30/3 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1058992 | x_refsource_CONFIRM | |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html | vendor-advisory, x_refsource_FEDORA | |
| http://openwall.com/lists/oss-security/2014/01/28/8 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:50:11.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/phusion/passenger/commit/34b1087870c2"
},
{
"name": "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"name": "[oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2014/01/28/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-19T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/phusion/passenger/commit/34b1087870c2"
},
{
"name": "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"name": "[oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2014/01/28/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-1831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"name": "https://github.com/phusion/passenger/commit/34b1087870c2",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/34b1087870c2"
},
{
"name": "[oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"name": "FEDORA-2015-1151",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"name": "[oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/01/28/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-1831",
"datePublished": "2015-02-19T15:00:00",
"dateReserved": "2014-01-30T00:00:00",
"dateUpdated": "2024-08-06T09:50:11.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12027
Vulnerability from cvelistv5
Published
2018-06-17 20:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.phusion.nl/passenger-5-3-2 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201807-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:24:03.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application\u0027s user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user\u0027s process through an alternative Unix domain socket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application\u0027s user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user\u0027s process through an alternative Unix domain socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.phusion.nl/passenger-5-3-2",
"refsource": "MISC",
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201807-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12027",
"datePublished": "2018-06-17T20:00:00",
"dateReserved": "2018-06-07T00:00:00",
"dateUpdated": "2024-08-05T08:24:03.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-12026
Vulnerability from cvelistv5
Published
2018-06-17 20:00
Modified
2024-08-05 08:24
Severity ?
EPSS score ?
Summary
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blog.phusion.nl/passenger-5-3-2 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201807-02 | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:24:03.778Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.phusion.nl/passenger-5-3-2",
"refsource": "MISC",
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"name": "GLSA-201807-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201807-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12026",
"datePublished": "2018-06-17T20:00:00",
"dateReserved": "2018-06-07T00:00:00",
"dateUpdated": "2024-08-05T08:24:03.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2119
Vulnerability from cvelistv5
Published
2014-01-02 21:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=892813 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1136.html | vendor-advisory, x_refsource_REDHAT | |
| http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | x_refsource_CONFIRM | |
| http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.872Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
},
{
"name": "RHSA-2013:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-02T20:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
},
{
"name": "RHSA-2013:1136",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2119",
"datePublished": "2014-01-02T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6135
Vulnerability from cvelistv5
Published
2019-11-19 16:56
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2012-6135 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/03/02/1 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/82533 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135 | x_refsource_CONFIRM | |
| https://www.securityfocus.com/bid/58259 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | ruby-passenger | ruby-passenger |
Version: 4.0.53-1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
},
{
"name": "58259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/58259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ruby-passenger",
"vendor": "ruby-passenger",
"versions": [
{
"status": "affected",
"version": "4.0.53-1"
}
]
}
],
"datePublic": "2013-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-19T16:56:41",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
},
{
"name": "58259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "https://www.securityfocus.com/bid/58259"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6135",
"datePublished": "2019-11-19T16:56:41",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:38.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2015-02-19 15:59
Modified
2024-11-21 02:05
Severity ?
Summary
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5F3E64-7C36-45D6-BCE2-A6929BB6BAEE",
"versionEndIncluding": "4.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831."
},
{
"lang": "es",
"value": "Phusion Passenger 4.0.37 permite a usuarios locales escribir a ciertos ficheros y directorios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre (1) control_process.pid o (2) un fichero generation-*. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-1831."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/61.html\"\u003eCWE-61: UNIX Symbolic Link (Symlink) Following\u003c/a\u003e",
"id": "CVE-2014-1832",
"lastModified": "2024-11-21T02:05:07.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-19T15:59:04.393",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/01/29/6"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/01/29/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-17 20:29
Modified
2024-11-21 03:44
Severity ?
Summary
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E449C3FA-972C-40B2-9C61-27FCE770E497",
"versionEndExcluding": "5.3.2",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could result in arbitrary reads and writes, which in turn can result in information disclosure and privilege escalation."
},
{
"lang": "es",
"value": "Durante la generaci\u00f3n de una aplicaci\u00f3n maliciosa gestionada por Passenger, SpawningKit en Phusion Passenger en versiones 5.3.x anteriores a la 5.3.2 permite que tales aplicaciones reemplacen archivos o directorios claves en el directorio spawning communication con v\u00ednculos simb\u00f3licos. Esto podr\u00eda resultar en lecturas y escrituras arbitrarias, que en cambio podr\u00edan resultar en una revelaci\u00f3n de informaci\u00f3n y un escalado de privilegios."
}
],
"id": "CVE-2018-12026",
"lastModified": "2024-11-21T03:44:26.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-17T20:29:00.353",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-17 20:29
Modified
2024-11-21 03:44
Severity ?
Summary
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc | Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phusion | passenger | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41BE76C0-BCC3-4D50-AC68-FE8C8DBC45DF",
"versionEndExcluding": "5.3.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root\u0027s crontab file allows privilege escalation."
},
{
"lang": "es",
"value": "Una condici\u00f3n de carrera en el m\u00f3dulo nginx en Phusion Passenger, desde las versiones 3.x hasta las 5.x anteriores a la 5.3.2, permite el escalado local de privilegios cuando se configura un passenger_instance_registry_dir no est\u00e1ndar con permisos poco estrictos. El reemplazo de un archivo con un v\u00ednculo simb\u00f3lico tras haber creado el archivo, pero antes de que se cambie el propietario, conduce a que el objetivo del enlace se cambie mediante la ruta. Apuntar a archivos sensibles como el archivo crontab del root permite el escalado de privilegios."
}
],
"id": "CVE-2018-12029",
"lastModified": "2024-11-21T03:44:27.120",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-17T20:29:00.493",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-03 18:54
Modified
2024-11-21 01:51
Severity ?
Summary
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-1136.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=892813 | Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phusion | passenger | * | |
| phusion | passenger | 3.0.0 | |
| phusion | passenger | 3.0.1 | |
| phusion | passenger | 3.0.2 | |
| phusion | passenger | 3.0.3 | |
| phusion | passenger | 3.0.4 | |
| phusion | passenger | 3.0.5 | |
| phusion | passenger | 3.0.6 | |
| phusion | passenger | 3.0.7 | |
| phusion | passenger | 3.0.8 | |
| phusion | passenger | 3.0.9 | |
| phusion | passenger | 3.0.10 | |
| phusion | passenger | 3.0.11 | |
| phusion | passenger | 3.0.12 | |
| phusion | passenger | 3.0.13 | |
| phusion | passenger | 3.0.14 | |
| phusion | passenger | 3.0.15 | |
| phusion | passenger | 3.0.17 | |
| phusion | passenger | 3.0.18 | |
| phusion | passenger | 3.0.19 | |
| phusion | passenger | 4.0.1 | |
| phusion | passenger | 4.0.2 | |
| phusion | passenger | 4.0.3 | |
| phusion | passenger | 4.0.4 | |
| ruby-lang | ruby | * | |
| redhat | openshift | 1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C",
"versionEndIncluding": "3.0.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD8C8495-4011-4B96-BB78-430B1F508548",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CD685C8-82D3-497A-84E9-238D19F15FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40AD3808-45E1-4889-98AF-4267B9DB17A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "36FCE653-AFE2-4291-872E-9CA8772F0CAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF4B9EF-23CC-46E3-8700-36633924B9CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "522C4CC8-9B97-4E1D-B82B-073D14444909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FEA652-5FFF-443F-983B-4FC5A4478F9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "3907694B-8E1A-4C5B-ABF0-90F023845557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AA53B5-4F58-4D38-80D7-42771F2C295C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4472ABCB-B464-4640-A892-73B4C8CB609F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "49FEE58A-FFDD-4E00-94F7-947D32CC1350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "09AFC97E-37EF-4D68-B947-C8FB43A11245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E2267254-554B-4AF2-A72B-0E346E4657C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5C406BAD-DCF8-4C46-9731-A81EBF387F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C18671-5FB1-4C97-9FDD-6D495A748DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFAD875-6DB0-4D40-9A11-E02DA954B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CC46D4-E33E-467C-B5C7-8F371D906A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2595C046-B304-42F3-8194-C259EFDBCA76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "E038BCDC-E14F-4D37-981C-BB80853C148C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
},
{
"lang": "es",
"value": "Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegaci\u00f3n de servicio (prevenci\u00f3n de inicio de la aplicaci\u00f3n) u obtener privilegios creando un fichero \"config\" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema."
}
],
"id": "CVE-2013-2119",
"lastModified": "2024-11-21T01:51:04.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-03T18:54:11.350",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-17 20:29
Modified
2024-11-21 03:44
Severity ?
Summary
An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E449C3FA-972C-40B2-9C61-27FCE770E497",
"versionEndExcluding": "5.3.2",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application\u0027s user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user\u0027s process through an alternative Unix domain socket."
},
{
"lang": "es",
"value": "Una vulnerabilidad de permisos inseguros en SpawningKit en Phusion Passenger en versiones 5.3.x anteriores a la 5.3.2 provoca una divulgaci\u00f3n de informaci\u00f3n en la siguiente situaci\u00f3n: dado un proceso de la aplicaci\u00f3n generado por Passenger que informa de que escucha en un determinado socket de dominio de Unix, si cualquiera de los directorios padre de dicho socket pueden ser escritos por un usuario normal que no sea el de la aplicaci\u00f3n, el usuario que no es de la aplicaci\u00f3n puede cambiar ese directorio por otra cosa, lo que resulta en que el tr\u00e1fico se redirige a un proceso del usuario que no es de la aplicaci\u00f3n mediante un socket de dominio de Unix alternativo."
}
],
"id": "CVE-2018-12027",
"lastModified": "2024-11-21T03:44:26.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-17T20:29:00.417",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-19 17:15
Modified
2024-11-21 01:45
Severity ?
Summary
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.0:beta1:*:*:*:ruby:*:*",
"matchCriteriaId": "B8D22A17-F554-44FE-82EF-408BC8940C18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.0:beta2:*:*:*:ruby:*:*",
"matchCriteriaId": "0F2D0D37-F5E6-43A9-8D8C-2A8B8224C9C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "19D8D9FF-51A8-4A81-B855-DB480ABEA300",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process."
},
{
"lang": "es",
"value": "RubyGems passenger versi\u00f3n 4.0.0 betas 1 y 2, permite a atacantes remotos eliminar archivos arbitrarios durante el proceso de inicio."
}
],
"id": "CVE-2012-6135",
"lastModified": "2024-11-21T01:45:53.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-19T17:15:11.237",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/02/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.securityfocus.com/bid/58259"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-12-14 22:29
Modified
2024-11-21 03:16
Severity ?
Summary
In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ | Third Party Advisory | |
| cve@mitre.org | https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf | Patch, Third Party Advisory | |
| cve@mitre.org | https://seclists.org/bugtraq/2019/Mar/34 | Issue Tracking, Mailing List, Third Party Advisory | |
| cve@mitre.org | https://www.debian.org/security/2019/dsa-4415 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Mar/34 | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4415 | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "7E734B94-2D51-47B0-9AEF-E736969D2E82",
"versionEndExcluding": "5.1.10",
"versionStartIncluding": "5.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:open_source:*:*:*",
"matchCriteriaId": "285B15FA-D517-437D-8C69-D7C6CBAB9468",
"versionEndExcluding": "5.1.11",
"versionStartIncluding": "5.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml."
},
{
"lang": "es",
"value": "En agent/Core/SpawningKit/Spawner.h en Phusion Passenger 5.1.10 (corregido en Passenger Open Source 5.1.11 y Passenger Enterprise 5.1.10), si Passenger se est\u00e1 ejecutando como root, es posible listar el contenido de archivos arbitrarios en un sistema vinculando simb\u00f3licamente un archivo llamado REVISION de la carpeta root de la aplicaci\u00f3n a un archivo de libre elecci\u00f3n y consultando passenger-status --show=xml."
}
],
"id": "CVE-2017-16355",
"lastModified": "2024-11-21T03:16:19.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-14T22:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Mar/34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4415"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Mar/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4415"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-19 15:59
Modified
2024-11-21 02:05
Severity ?
Summary
Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B5F3E64-7C36-45D6-BCE2-A6929BB6BAEE",
"versionEndIncluding": "4.0.36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file."
},
{
"lang": "es",
"value": "Phusion Passenger anterior a 4.0.37 permite a usuarios locales escribir a ciertos ficheros y directorios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre (1) control_process.pid o (2)un fichero generation-*."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/61.html\"\u003eCWE-61: UNIX Symbolic Link (Symlink) Following\u003c/a\u003e",
"id": "CVE-2014-1831",
"lastModified": "2024-11-21T02:05:06.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-19T15:59:02.047",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/01/28/8"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"source": "cve@mitre.org",
"url": "https://github.com/phusion/passenger/commit/34b1087870c2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/01/28/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2014/01/30/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1058992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/phusion/passenger/commit/34b1087870c2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-30 21:55
Modified
2024-11-21 01:54
Severity ?
Summary
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E22179A8-F51E-4F78-8A42-E579F43729F4",
"versionEndIncluding": "4.0.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C18671-5FB1-4C97-9FDD-6D495A748DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFAD875-6DB0-4D40-9A11-E02DA954B197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1CC46D4-E33E-467C-B5C7-8F371D906A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2595C046-B304-42F3-8194-C259EFDBCA76",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/."
},
{
"lang": "es",
"value": "ext/common/ServerInstanceDir.h en Phusion Passenger gem anteriores a 4.0.6 para Ruby permite a usuarios locales obtener privilegios o posiblemente cambiar el propietario de directorios arbitrarios a trav\u00e9s de un ataque de enlaces simb\u00f3licos sobre un directorio con nombre predecible en /tmp/."
}
],
"id": "CVE-2013-4136",
"lastModified": "2024-11-21T01:54:57.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-30T21:55:07.223",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/6"
},
{
"source": "secalert@redhat.com",
"url": "https://code.google.com/p/phusion-passenger/issues/detail?id=910"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/phusion-passenger/issues/detail?id=910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/phusion/passenger/blob/release-4.0.6/NEWS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-04-18 20:59
Modified
2024-11-21 02:43
Severity ?
Summary
In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC73972-CB17-4C3D-A09A-DF5CF226AA10",
"versionEndIncluding": "5.0.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."
},
{
"lang": "es",
"value": "En Phusion Passenger en versiones anteriores a 5.1.0, un nombre de archivo /tmp conocido fue utilizado durante la ejecuci\u00f3n de passenger-install-nginx-module, lo que podr\u00eda permitir a atacantes locales obtener los privilegios del usuario de passenger."
}
],
"id": "CVE-2016-10345",
"lastModified": "2024-11-21T02:43:50.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-18T20:59:00.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-21 15:29
Modified
2024-11-21 03:45
Severity ?
Summary
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF34C59-909A-4C72-B19B-2C68C566856F",
"versionEndExcluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en switchGroup() en agent/ExecHelper/ExecHelperMain.cpp en Phusion Passenger en versiones anteriores a la 5.3.2. El conjunto de grupos (gidset) no est\u00e1 configurado correctamente, lo que hace que sea aleatorio (p. ej. la memoria no inicializada) decidir qu\u00e9 grupos suplementarios se est\u00e1n estableciendo mientras se bajan los privilegios."
}
],
"id": "CVE-2018-12615",
"lastModified": "2024-11-21T03:45:32.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-21T15:29:00.367",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-17 20:29
Modified
2024-11-21 03:44
Severity ?
Summary
An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, it would cause Passenger's process manager to kill said reported arbitrary PID.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.phusion.nl/passenger-5-3-2 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201807-02 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E449C3FA-972C-40B2-9C61-27FCE770E497",
"versionEndExcluding": "5.3.2",
"versionStartIncluding": "5.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger\u0027s process manager. If the malicious application then generates an error, it would cause Passenger\u0027s process manager to kill said reported arbitrary PID."
},
{
"lang": "es",
"value": "Una vulnerabilidad de control de acceso incorrecto en SpawningKit en Phusion Passenger en versiones 5.3.x anteriores a la 5.3.2 permite que una aplicaci\u00f3n maliciosa gestionada por Passenger, al generar un proceso hijo, informe de un PID arbitrario diferente al gestor de procesos de Passenger. Si la aplicaci\u00f3n maliciosa genera un error, provocar\u00eda que el gestor de procesos de Passenger mate dicho PID arbitrario reportado."
}
],
"id": "CVE-2018-12028",
"lastModified": "2024-11-21T03:44:26.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-17T20:29:00.463",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://blog.phusion.nl/passenger-5-3-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201807-02"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}