Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2018-12029

Published: 17/06/2018 Updated: 08/03/2019
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Passenger

Vulnerability Summary

A race condition in the nginx module in Phusion Passenger 3.x up to and including 5.x prior to 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

phusion passenger

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2018-12029
Debian Bug report logs - #921767 CVE-2018-12029 Package: src:passenger; Maintainer for src:passenger is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 8 Feb 2019 21:51:20 UTC Severity: minor Tags: patch, security, upst ...
Debian CVElist Bug Report Logs: passenger: CVE-2017-16355: arbitrary file read
Debian Bug report logs - #884463 passenger: CVE-2017-16355: arbitrary file read Package: src:passenger; Maintainer for src:passenger is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 15 Dec 2017 15:21:02 UTC Severi ...
Red Hat: CVE-2018-12029
A race condition in the nginx module in Phusion Passenger 3x through 5x before 532 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link ...

References

CWE-362https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-eschttps://blog.phusion.nl/passenger-5-3-2https://lists.debian.org/debian-lts-announce/2018/06/msg00007.htmlhttps://security.gentoo.org/glsa/201807-02https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921767https://access.redhat.com/security/cve/cve-2018-12029
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook