CVE-2016-10345

Опубликовано: 18 апр. 2017

Источник: debian

Описание

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
passenger	fixed	6.0.10-1		package

Примечания

https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
Source present, but passenger-install-nginx-module not installed

Связанные уязвимости

CVE-2016-10345

CVSS3: 7.8

ubuntu

почти 9 лет назад

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

CVE-2016-10345

CVSS3: 5.5

redhat

около 9 лет назад

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

CVE-2016-10345

CVSS3: 7.8

nvd

почти 9 лет назад

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

GHSA-cqxw-3p7v-p9gr

CVSS3: 7.8

github

больше 7 лет назад

Phusion Passenger uses a known /tmp filename