
CVE ID: CVE-2018-12029
Description: A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
Test IDs: 1.3.6.1.4.1.25623.1.0.891399   1.3.6.1.4.1.25623.1.1.4.2018.2039.1  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2018-12029
https://security.gentoo.org/glsa/201807-02
https://blog.phusion.nl/passenger-5-3-2
https://pulsesecurity.co.nz/advisories/phusion-passenger-priv-esc
https://lists.debian.org/debian-lts-announce/2018/06/msg00007.html



