CVE-2018-12029 — Race Condition in Passenger
Severity
7.0HIGHNVD
OSV4.7
EPSS
0.1%
top 72.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 17
Latest updateMay 14
Description
A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
CVSS vector
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages4 packages
Also affects: Debian Linux 8.0
🔴Vulnerability Details
5📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2018-12029 passenger: CHMOD race condition in nginx_module/ngx_http_passenger_module.c allows for local privilege escalation↗2018-06-19
Bugzilla▶
CVE-2018-12029 passenger: CHMOD race condition in nginx_module/ngx_http_passenger_module.c allows for local privilege escalation [epel-7]↗2018-06-19
Bugzilla▶
CVE-2018-12029 passenger: CHMOD race condition in nginx_module/ngx_http_passenger_module.c allows for local privilege escalation [fedora-all]↗2018-06-19
Bugzilla▶
CVE-2017-16652 CVE-2018-11385 CVE-2018-11386 CVE-2018-11406 CVE-2018-11407 CVE-2018-11408 php-symfony: Multiple flaws↗2018-06-14