Information disclosure in Phusion Passenger - CVE-2018-12027

 


Published: July 23, 2018 / Updated: July 24, 2018


Vulnerability identifier: #VU13988
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12027
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Phusion B.V.
Affected software:
Phusion Passenger

Detailed vulnerability description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to insufficient security restrictions imposed on the SpawningKit subsystem. When an application process managed by the affected software reports that it is listening on a certain UNIX domain socket, and the parent directories of the application socket are writable by users other than the user of the application, a local attacker can swap a directory for one with attacker-controlled contents. Traffic is then redirected to an attacker-controlled process through an alternative, attacker-controlled UNIX domain socket, which the attacker can use to access sensitive information.
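The precondition described above can be audited on a host. The following is an added example, not code from Phusion or from this advisory: it walks every parent directory of a socket path and reports those that a user other than the application user could modify. The function name, the decision to treat root as trusted, and the reliance on mode bits only (POSIX ACLs are not inspected) are assumptions of the example.

```python
import os
import stat

TRUSTED_UIDS = {0}  # assumption: root is trusted alongside the application user


def writable_by_others(socket_path, app_uid):
    """Return [(directory, reason)] for each parent directory of socket_path
    that a user other than app_uid (or root) could modify.
    Only ownership and mode bits are checked; ACLs are not inspected."""
    findings = []
    current = os.path.dirname(os.path.abspath(socket_path))
    while True:
        st = os.stat(current)
        reasons = []
        # A foreign owner can write to the directory or change its mode.
        if st.st_uid != app_uid and st.st_uid not in TRUSTED_UIDS:
            reasons.append(f"owned by uid {st.st_uid}")
        if st.st_mode & stat.S_IWGRP:
            reasons.append(f"group-writable (gid {st.st_gid})")
        if st.st_mode & stat.S_IWOTH:
            # The sticky bit is reported so the reviewer can weigh it.
            sticky = " with sticky bit" if st.st_mode & stat.S_ISVTX else ""
            reasons.append("world-writable" + sticky)
        if reasons:
            findings.append((current, ", ".join(reasons)))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            break
        current = parent
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python check_socket_parents.py /path/to/app.sock <app-uid>
    path, uid = sys.argv[1], int(sys.argv[2])
    for directory, reason in writable_by_others(path, uid):
        print(f"{directory}: {reason}")
```

An empty result means no parent directory is modifiable by another unprivileged user according to mode bits; any reported directory should be tightened or the socket relocated.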


How to mitigate CVE-2018-12027

Update to version 5.3.2.
