Home > Vulnerability Database > CVE-2018-12029

Mend.io Vulnerability Database

CVE-2018-12029

Good to know:

Date: June 17, 2018

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

Language: Ruby

Severity Score

7.0

Related Resources (8)

Url: https://blog.phusion.nl/passenger-5-3-2

Url: https://security.gentoo.org/glsa/201807-02

Url: https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12029

Url: https://security-tracker.debian.org/tracker/CVE-2018-12029

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-12029

Url: https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html

Url: https://www.mend.io/vulnerability-database/CVE-2018-12029

Severity Score

7.0

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

Upgrade Version

Upgrade to version passenger - 5.3.2

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-12029

Good to know:

Date: June 17, 2018

Language: Ruby

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?