CVE-2013-2119
First published: Mon Jan 07 2013(Updated: )
Michael Scherer reported that the passenger ruby gem, when used in standalone mode, does not use temporary files in a secure manner. In the lib/phusion_passenger/standalone/main.rb's create_nginx_controller function, passenger creates an nginx configuration file insecurely and starts nginx with that configuration file: @temp_dir = "/tmp/passenger-standalone.#{$$}" @config_filename = "#{@temp_dir}/config" If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file they could start an nginx instance with their own configuration file. This could result in a denial of service condition for a legitimate service or, if passenger were executed as root (in order to have nginx listen on port 80, for instance), this could lead to a local root compromise.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phusion Passenger | <=3.0.20 | |
| Phusion Passenger | =3.0.0 | |
| Phusion Passenger | =3.0.1 | |
| Phusion Passenger | =3.0.2 | |
| Phusion Passenger | =3.0.3 | |
| Phusion Passenger | =3.0.4 | |
| Phusion Passenger | =3.0.5 | |
| Phusion Passenger | =3.0.6 | |
| Phusion Passenger | =3.0.7 | |
| Phusion Passenger | =3.0.8 | |
| Phusion Passenger | =3.0.9 | |
| Phusion Passenger | =3.0.10 | |
| Phusion Passenger | =3.0.11 | |
| Phusion Passenger | =3.0.12 | |
| Phusion Passenger | =3.0.13 | |
| Phusion Passenger | =3.0.14 | |
| Phusion Passenger | =3.0.15 | |
| Phusion Passenger | =3.0.17 | |
| Phusion Passenger | =3.0.18 | |
| Phusion Passenger | =3.0.19 | |
| Phusion Passenger | =4.0.1 | |
| Phusion Passenger | =4.0.2 | |
| Phusion Passenger | =4.0.3 | |
| Phusion Passenger | =4.0.4 | |
| Ruby | ||
| Red Hat OpenShift | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
- https://github.com/FooBarWidget/passenger/commit/bfe619eec3a337b4868b9928dc273e70a4a96f37
- https://github.com/FooBarWidget/passenger/commit/0eaebb00f6b7327374069a7998064c68cc54e9f1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=968923
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=968930
- https://rhn.redhat.com/errata/RHSA-2013-1136.html
- https://bugzilla.redhat.com/show_bug.cgi?id=892813
- http://rhn.redhat.com/errata/RHSA-2013-1136.html
Frequently Asked Questions
What is the severity of CVE-2013-2119?
CVE-2013-2119 has a moderate severity rating due to potential security risks associated with insecure file handling.
How do I fix CVE-2013-2119?
To mitigate CVE-2013-2119, you should upgrade to Phusion Passenger version 3.0.21 or higher.
Which versions of Phusion Passenger are affected by CVE-2013-2119?
CVE-2013-2119 affects Phusion Passenger versions up to and including 3.0.20 and certain 4.0.x versions.
What is the impact of CVE-2013-2119?
The impact of CVE-2013-2119 could lead to unauthorized access due to the insecure handling of temporary files.
Is CVE-2013-2119 related to any specific software?
CVE-2013-2119 specifically affects the Phusion Passenger Ruby gem when utilized in standalone mode.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2119
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/phusion
- canonical/phusion passenger
- version/phusion passenger/3.0.20
- version/phusion passenger/3.0.0
- version/phusion passenger/3.0.1
- version/phusion passenger/3.0.2
- version/phusion passenger/3.0.3
- version/phusion passenger/3.0.4
- version/phusion passenger/3.0.5
- version/phusion passenger/3.0.6
- version/phusion passenger/3.0.7
- version/phusion passenger/3.0.8
- version/phusion passenger/3.0.9
- version/phusion passenger/3.0.10
- version/phusion passenger/3.0.11
- version/phusion passenger/3.0.12
- version/phusion passenger/3.0.13
- version/phusion passenger/3.0.14
- version/phusion passenger/3.0.15
- version/phusion passenger/3.0.17
- version/phusion passenger/3.0.18
- version/phusion passenger/3.0.19
- version/phusion passenger/4.0.1
- version/phusion passenger/4.0.2
- version/phusion passenger/4.0.3
- version/phusion passenger/4.0.4
- vendor/ruby-lang
- canonical/ruby
- vendor/redhat
- canonical/red hat openshift
- version/red hat openshift/1.0