Risk | Low |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2018-12026 CVE-2018-12027 CVE-2018-12028 CVE-2018-12029 |
CWE-ID | CWE-264 CWE-200 CWE-284 CWE-362 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Gentoo Linux (Operating systems & Components / Operating system) |
Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
EUVDB-ID: #VU13989
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12026
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local attacker to gain elevated privileges.
The vulnerability exists because the SpawningKit subsystem of the affected software allows applications to replace key files or directories in the spawning communication directory with symbolic links. A local attacker can create a symbolic link designed to submit malicious input to a targeted system, execute read and write commands on arbitrary file paths on the system, and use it to gain elevated privileges or access sensitive information.
Mitigation: Update the affected packages.
www-apache/passenger to version: 5.3.2
Gentoo Linux: All versions
External links: https://security.gentoo.org/glsa/201807-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13988
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12027
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to insufficient security restrictions imposed on the SpawningKit subsystem. When an application process that is managed by the affected software reports that it is listening on a certain UNIX domain socket, and the parent directories of the application socket are writable by users other than the user of the application, a local attacker can swap a directory with attacker-controlled contents, redirect traffic to an attacker-controlled process via an alternative, attacker-controlled UNIX domain socket and use it to access sensitive information.
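The parent-directory condition described above can be audited before a reported socket path is trusted. The following C sketch is an added example, not Passenger's own code or its fix; the function names, the `base` stop directory and the strict policy (any group- or world-writable ancestor is flagged) are assumptions.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Strict policy (assumption): a directory is unsafe if it is owned by anyone
 * other than the application user or root, or is group- or world-writable. */
int dir_is_swappable(const struct stat *st, uid_t app_uid) {
    if (st->st_uid != app_uid && st->st_uid != 0) return 1;
    return (st->st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Count unsafe directories from the socket's directory up to and including
 * `base` (no trailing slash). Returns -1 on error or a non-directory parent. */
int count_unsafe_parents(const char *sock_path, const char *base, uid_t app_uid) {
    char buf[PATH_MAX];
    struct stat st;
    int unsafe = 0;
    size_t blen = strlen(base);
    if (strlen(sock_path) >= sizeof buf || strncmp(sock_path, base, blen) != 0 ||
        sock_path[blen] != '/') return -1;
    strcpy(buf, sock_path);
    for (;;) {
        char *slash = strrchr(buf, '/');
        if (!slash || (size_t)(slash - buf) < blen) break;
        *slash = '\0';
        if (lstat(buf, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
        unsafe += dir_is_swappable(&st, app_uid);
    }
    return unsafe;
}

/* Constructed layout: <base>/apps/run/app.sock, with run/ first 0777, then 0700. */
int socket_parent_demo(void) {
    char base[] = "/tmp/sockdemo-XXXXXX", apps[64], run[96], sock[128];
    if (!mkdtemp(base)) return -1;
    snprintf(apps, sizeof apps, "%s/apps", base);
    snprintf(run, sizeof run, "%s/run", apps);
    snprintf(sock, sizeof sock, "%s/app.sock", run);
    if (mkdir(apps, 0755) != 0 || mkdir(run, 0755) != 0) return -1;
    chmod(run, 0777);
    int loose = count_unsafe_parents(sock, base, geteuid());
    chmod(run, 0700);
    int tight = count_unsafe_parents(sock, base, geteuid());
    rmdir(run); rmdir(apps); rmdir(base);
    return (loose == 1 && tight == 0) ? 0 : 1;
}
```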
Mitigation: Update the affected packages.
www-apache/passenger to version: 5.3.2
Gentoo Linux: All versions
External links: https://security.gentoo.org/glsa/201807-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13991
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12028
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a local attacker to bypass security restrictions.
The vulnerability exists due to improper access control in the SpawningKit subsystem of the affected software. A local attacker can use a malicious Passenger-managed application that, upon spawning a child process, reports an arbitrary different PID back to Passenger's process manager. If the malicious application then generates an error, Passenger's process manager kills the reported arbitrary PID.
Mitigation: Update the affected packages.
www-apache/passenger to version: 5.3.2
Gentoo Linux: All versions
External links: https://security.gentoo.org/glsa/201807-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU13990
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-12029
Exploit availability: No
Description: The vulnerability allows a local attacker to gain elevated privileges.
The vulnerability exists due to a race condition that could occur when a non-standard passenger_instance_registry_dir setting in the Nginx module is configured with insufficient permissions. A local attacker can replace a file with a symbolic link after the file has been created but before the file has changed ownership, gaining elevated privileges on the system if the target of the symbolic link is a file that can be executed as root, such as the crontab file.
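The window between file creation and the ownership change described above comes from resolving the path twice. The added C example below (not code from Passenger or from this bulletin) shows that racy pattern beside a descriptor-based form that closes the window; the function names and the temporary directory are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the path is resolved twice, so a symlink swapped in between
 * open() and chown() redirects the ownership change to the link's target. */
int create_owned_racy(const char *path, uid_t uid, gid_t gid) {
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return -1;
    close(fd);
    return chown(path, uid, gid);   /* follows symlinks */
}

/* Hardened pattern: create exclusively, refuse symlinks, and change ownership
 * through the descriptor so the path is never resolved a second time. */
int create_owned_safe(const char *path, uid_t uid, gid_t gid) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        fchown(fd, uid, gid) != 0) {
        close(fd);
        return -1;
    }
    return fd;   /* caller writes through this descriptor */
}

/* Constructed self-check: a pre-planted symlink is rejected, a clean path works. */
int registry_demo(void) {
    char dir[] = "/tmp/registry-demo-XXXXXX";
    char target[64], link[64], clean[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/lock", dir);
    snprintf(clean, sizeof clean, "%s/clean", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600); if (t >= 0) close(t);
    if (symlink(target, link) != 0) return -1;
    int rejected = create_owned_safe(link, geteuid(), getegid()) == -1;
    int fd = create_owned_safe(clean, geteuid(), getegid());
    int ok = fd >= 0; if (ok) close(fd);
    unlink(link); unlink(target); unlink(clean); rmdir(dir);
    return (rejected && ok) ? 0 : 1;
}
```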
Mitigation: Update the affected packages.
www-apache/passenger to version: 5.3.2
Gentoo Linux: All versions
External links: https://security.gentoo.org/glsa/201807-02
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.