CVE-2018-12027

NameCVE-2018-12027
DescriptionAn Insecure Permissions vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 causes information disclosure in the following situation: given a Passenger-spawned application process that reports that it listens on a certain Unix domain socket, if any of the parent directories of said socket are writable by a normal user that is not the application's user, then that non-application user can swap that directory with something else, resulting in traffic being redirected to a non-application user's process through an alternative Unix domain socket.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
passenger (PTS)stretch (security), stretch (lts), stretch5.0.30-1+deb9u1fixed
buster5.0.30-1.1fixed
bullseye5.0.30-1.2+deb11u1fixed
bookworm6.0.17+ds-1fixed
sid, trixie6.0.20+ds-1fixed
ruby-passenger (PTS)jessie, jessie (lts)4.0.53-1+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
passengersource(unstable)(not affected)
ruby-passengersource(unstable)(not affected)

Notes

- passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
- ruby-passenger <not-affected> (Introduced in 5.3.0 with major refactoring of SpawningKit)
https://blog.phusion.nl/2018/06/12/passenger-5-3-2-various-security-fixes/

Search for package or bug name: Reporting problems