Oval Definition: oval:org.opensuse.security:def:201812029
Revision Date: 2022-06-30
Version: 1
Title: CVE-2018-12029
Description:

A race condition in the nginx module in Phusion Passenger 3.x through 5.x before 5.3.2 allows local escalation of privileges when a non-standard passenger_instance_registry_dir with insufficiently strict permissions is configured. Replacing a file with a symlink after the file was created, but before it was chowned, leads to the target of the link being chowned via the path. Targeting sensitive files such as root's crontab file allows privilege escalation.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2018-12029
SUSE-SU-2018:2039-1
Mitre CVE-2018-12029
SUSE CVE-2018-12029
Platform(s): openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 12 is installed
  • AND Package Information
    • ruby2.1-rubygem-passenger-5.0.18-12.9 is installed
    • OR rubygem-passenger-5.0.18-12.9 is installed
    • OR rubygem-passenger-apache2-5.0.18-12.9 is installed
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
    • ruby2.7-rubygem-passenger-6.0.8-3.2 is installed
    • OR ruby3.0-rubygem-passenger-6.0.8-3.2 is installed
    • OR rubygem-passenger-6.0.8-3.2 is installed
    • OR rubygem-passenger-apache2-6.0.8-3.2 is installed
    • OR rubygem-passenger-nginx-6.0.8-3.2 is installed
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise High Performance Computing 12 is installed
    • OR SUSE Linux Enterprise Module for Containers 12 is installed
    • OR SUSE Linux Enterprise Server 12 is installed
    • OR SUSE Linux Enterprise Server 12 SP3 is installed
    • OR SUSE Linux Enterprise Server 12 SP4 is installed
    • OR SUSE Linux Enterprise Server 12 SP5 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND Package Information
    • ruby2.1-rubygem-passenger-5.0.18-12.9.1 is installed
    • OR rubygem-passenger-5.0.18-12.9.1 is installed
    • OR rubygem-passenger-apache2-5.0.18-12.9.1 is installed