An issue exists in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger prior to 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
phusion passenger |
Vulmon