CVE-2018-12029

EPSS 0.1%
Published 17.06.2018 20:29:00
Last modified 21.11.2024 03:44:27
Source cve@mitre.org
Teams watchlist Login
Open Login

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Phusion ≫ Passenger Version >= 3.0.0 < 5.3.2

Debian ≫ Debian Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.281

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html

Third Party Advisory

Mailing List

https://blog.phusion.nl/passenger-5-3-2

Vendor Advisory

Mitigation

https://security.gentoo.org/glsa/201807-02

Third Party Advisory

https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-12029

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-12029

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-12029

EUVD