Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-12029

Good to know:

icon

Date: June 17, 2018

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

Language: Ruby

Severity Score

Related Resources (8)

https://blog.phusion.nl/passenger-5-3-2
https://security.gentoo.org/glsa/201807-02
https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes
https://nvd.nist.gov/vuln/detail/CVE-2018-12029
https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/passenger/CVE-2018-12029.yml
https://www.mend.io/vulnerability-database/CVE-2018-12029

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version passenger - 5.3.2

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): LOCAL
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us