PT-2015-3689 · Phusion · Phusion Passenger
Jakub Wilk
·
Publicado
2015-02-19
·
Atualizado
2018-10-10
·
CVE-2014-1831
CVSS v2.0
2.1
Baixa
| Vetor | AV:L/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Phusion Passenger versions prior to 4.0.37
Description
The issue allows local users to write to certain files and directories via a symlink attack on (1)
control process.pid or (2) a generation-* file.Recommendations
For versions prior to 4.0.37, update to version 4.0.37 or later to resolve the issue.
As a temporary workaround, consider restricting access to the
control process.pid and generation-* files until a patch is available.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Phusion Passenger