What is the severity of REDHAT-BUG-892813?

The severity of REDHAT-BUG-892813 is considered high due to insecure handling of temporary files affecting system security.

How do I fix REDHAT-BUG-892813?

To fix REDHAT-BUG-892813, update the Phusion Passenger gem to the latest version that addresses the insecure configuration file creation.

What systems are affected by REDHAT-BUG-892813?

REDHAT-BUG-892813 affects systems using the Phusion Passenger gem in standalone mode.

What vulnerabilities does REDHAT-BUG-892813 introduce?

REDHAT-BUG-892813 introduces potential unauthorized access and data leakage through insecure temporary file handling.

Is there a workaround for REDHAT-BUG-892813?

Currently, the recommended workaround for REDHAT-BUG-892813 is to avoid using the affected functionality until the gem is updated.

Vulnerability/
REDHAT-BUG-892813

medium

7/1/2013

12/5/2023

REDHAT-BUG-892813

First published: Mon Jan 07 2013(Updated: )

Michael Scherer reported that the passenger ruby gem, when used in standalone mode, does not use temporary files in a secure manner. In the lib/phusion_passenger/standalone/main.rb's create_nginx_controller function, passenger creates an nginx configuration file insecurely and starts nginx with that configuration file: @temp_dir = "/tmp/passenger-standalone.#{$$}" @config_filename = "#{@temp_dir}/config" If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file they could start an nginx instance with their own configuration file. This could result in a denial of service condition for a legitimate service or, if passenger were executed as root (in order to have nginx listen on port 80, for instance), this could lead to a local root compromise.

Affected Software	Affected Version	How to fix
Phusion Passenger

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-892813?
The severity of REDHAT-BUG-892813 is considered high due to insecure handling of temporary files affecting system security.
How do I fix REDHAT-BUG-892813?
To fix REDHAT-BUG-892813, update the Phusion Passenger gem to the latest version that addresses the insecure configuration file creation.
What systems are affected by REDHAT-BUG-892813?
REDHAT-BUG-892813 affects systems using the Phusion Passenger gem in standalone mode.
What vulnerabilities does REDHAT-BUG-892813 introduce?
REDHAT-BUG-892813 introduces potential unauthorized access and data leakage through insecure temporary file handling.
Is there a workaround for REDHAT-BUG-892813?
Currently, the recommended workaround for REDHAT-BUG-892813 is to avoid using the affected functionality until the gem is updated.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-2119
agent/severity
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/phusion
canonical/phusion passenger

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.