Hongli Lai (Phusion)

2 exploits. Active since Sep 2013.
CVE-2013-4136 WRITEUP
Phusion Passenger < 4.0.6 - Privilege Escalation via Symlink Attack on Predictable /tmp Directory
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
CVE-2018-12615 WRITEUP MEDIUM
Phusion Passenger < 5.3.2 - Privilege Escalation
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
CVSS 5.3