DEBIAN-CVE-2018-12029

DEBIAN-CVE-2018-12029 PUBLISHED CVSS 7 HIGH

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
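The race described above, as an added C example (not Passenger's code and not its actual patch): a create-then-chown-by-path routine beside a hardened form that creates the file with O_EXCL | O_NOFOLLOW and changes ownership through the open descriptor. The function names and the /tmp scratch paths are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern from the description: the path is resolved twice, so a swap
 * to a symlink between open() and chown() redirects the ownership change. */
int create_owned_file_racy(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0)
        return -1;
    close(fd);
    return chown(path, uid, gid); /* second lookup, follows symlinks */
}

/* Hardened pattern: resolve the path once, refuse existing entries and
 * symlinks, and change ownership on the descriptor, not the name. */
int create_owned_file_safe(const char *path, uid_t uid, gid_t gid)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;
    int rc = fchown(fd, uid, gid);
    int saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

/* Constructed check in a scratch directory: a fresh name is created, and a
 * symlink planted at the expected name is refused. Returns 1 if both hold. */
int demo_safe_behaviour(void)
{
    char dir[] = "/tmp/registry-demo-XXXXXX", target[64], name[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(name, sizeof name, "%s/instance.lock", dir);
    int created = create_owned_file_safe(target, getuid(), getgid()) == 0;
    if (symlink(target, name) != 0)
        return -1;
    int refused = create_owned_file_safe(name, getuid(), getgid()) == -1 && errno == EEXIST;
    unlink(name); unlink(target); rmdir(dir);
    return created && refused;
}
```

The descriptor-based form only closes the chown window; the directory holding these files should still be writable only by the account that owns it.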

Risk Scores

CVSS 3.0
7
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor       Product      Versions
Debian:11    passenger    0, 0, 0
Debian:12    passenger    0, 0, 0
Debian:13    passenger    0, 0, 0
Debian:14    passenger    0, 0, 0

Timeline

  • Jun 17, 2018 CVE Published
  • Apr 28, 2026 CVE Updated