Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary config file in a directory with a predictable name in /tmp/ before it is used by the gem.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Passenger | Phusion | * | 3.0.20 (including) |
| Passenger | Phusion | 3.0.0 (including) | 3.0.0 (including) |
| Passenger | Phusion | 3.0.1 (including) | 3.0.1 (including) |
| Passenger | Phusion | 3.0.2 (including) | 3.0.2 (including) |
| Passenger | Phusion | 3.0.3 (including) | 3.0.3 (including) |
| Passenger | Phusion | 3.0.4 (including) | 3.0.4 (including) |
| Passenger | Phusion | 3.0.5 (including) | 3.0.5 (including) |
| Passenger | Phusion | 3.0.6 (including) | 3.0.6 (including) |
| Passenger | Phusion | 3.0.7 (including) | 3.0.7 (including) |
| Passenger | Phusion | 3.0.8 (including) | 3.0.8 (including) |
| Passenger | Phusion | 3.0.9 (including) | 3.0.9 (including) |
| Passenger | Phusion | 3.0.10 (including) | 3.0.10 (including) |
| Passenger | Phusion | 3.0.11 (including) | 3.0.11 (including) |
| Passenger | Phusion | 3.0.12 (including) | 3.0.12 (including) |
| Passenger | Phusion | 3.0.13 (including) | 3.0.13 (including) |
| Passenger | Phusion | 3.0.14 (including) | 3.0.14 (including) |
| Passenger | Phusion | 3.0.15 (including) | 3.0.15 (including) |
| Passenger | Phusion | 3.0.17 (including) | 3.0.17 (including) |
| Passenger | Phusion | 3.0.18 (including) | 3.0.18 (including) |
| Passenger | Phusion | 3.0.19 (including) | 3.0.19 (including) |
| Passenger | Phusion | 4.0.1 (including) | 4.0.1 (including) |
| Passenger | Phusion | 4.0.2 (including) | 4.0.2 (including) |
| Passenger | Phusion | 4.0.3 (including) | 4.0.3 (including) |
| Passenger | Phusion | 4.0.4 (including) | 4.0.4 (including) |
| RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | ruby193-rubygem-passenger-0:3.0.21-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-file-tail-0:1.0.5-4.el6op | * |
| RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-passenger-0:3.0.21-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-spruz-0:0.2.5-4.el6op | * |
| Ruby-passenger | Ubuntu | quantal | * |
| Ruby-passenger | Ubuntu | raring | * |
| Ruby-passenger | Ubuntu | upstream | * |
References
- http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
- http://rhn.redhat.com/errata/RHSA-2013-1136.html
- https://bugzilla.redhat.com/show_bug.cgi?id=892813
- http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
- http://rhn.redhat.com/errata/RHSA-2013-1136.html
- https://bugzilla.redhat.com/show_bug.cgi?id=892813