CVE-2018-12027

Name	CVE-2018-12027
Description	An Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
passenger (PTS)	stretch (security), stretch (lts), stretch	5.0.30-1+deb9u1	fixed
	buster	5.0.30-1.1	fixed
	bullseye	5.0.30-1.2+deb11u1	fixed
	bookworm	6.0.17+ds-1	fixed
	sid, trixie	6.0.20+ds-1	fixed
ruby-passenger (PTS)	jessie, jessie (lts)	4.0.53-1+deb8u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
passenger	source	(unstable)	(not affected)
ruby-passenger	source	(unstable)	(not affected)

Notes

- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/