Lucene search

[email protected]CVE-2014-1832

HistoryFeb 19, 2015 - 3:59 p.m.

CVE-2014-1832

2015-02-1915:59:04

[email protected]

web.nvd.nist.gov

cve-2014-1832

phusion passenger

symlink attack

file write vulnerability

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.

Affected configurations

NVD

Node

phusionpassengerRange≤4.0.36

CPENameOperatorVersion
phusion:passengerphusion passengerle4.0.36

CPE	Name	Operator	Version
phusion:passenger	phusion passenger	le	4.0.36

References

lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html

openwall.com/lists/oss-security/2014/01/29/6

openwall.com/lists/oss-security/2014/01/30/3

bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958

bugzilla.redhat.com/show_bug.cgi?id=1058992

github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-1832

nvd2 cvelist2 github2 debiancve2 openvas1 prion2 nessus1 ubuntucve2 fedora1 osv2 rubygems2 cve1