Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-12029

Опубликовано: 17 июн. 2018
Источник: debian
EPSS Низкий

Описание

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
passengerfixed5.0.30-1.1package
passengerfixed5.0.30-1+deb9u1stretchpackage
ruby-passengerremovedpackage

Примечания

  • https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/

  • https://github.com/phusion/passenger/commit/207870f5b7f5cc240587ab0977d6046782ae1d86 (release-5.3.2)

  • unimportant as nginx module not built.

  • Related hardening commits:

  • https://github.com/phusion/passenger/commit/9ed61bb4641ba1f5158fca3840d4e4088805b5af (release-5.3.2)

  • https://github.com/phusion/passenger/commit/4f663c8246f529e32575d50196d11cde12a6dfda (release-5.3.3)

  • https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc

EPSS

Процентиль: 28%
0.00099
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2018-12029

CVSS3: 7
ubuntu
больше 7 лет назад

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

redhat логотип

CVE-2018-12029

CVSS3: 7.8
redhat
больше 7 лет назад

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

nvd логотип

CVE-2018-12029

CVSS3: 7
nvd
больше 7 лет назад

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

suse-cvrf логотип

SUSE-SU-2018:2039-1

suse-cvrf
больше 7 лет назад

Security update for rubygem-passenger

github логотип

GHSA-jjcj-fgfm-9g9r

CVSS3: 7
github
больше 3 лет назад

Phusion Passenger Race Condition Allows Privilege Escalation

EPSS

Процентиль: 28%
0.00099
Низкий