CVE-2014-1831

Phusion Passenger <4.0.37 - Local Privilege Escalation

Title source: llm

Description

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

References (6)

Core 6

Core References

Issue Tracking x_refsource_confirm

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958

Patch x_refsource_confirm

https://github.com/phusion/passenger/commit/34b1087870c2

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2014/01/30/3

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=1058992

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2014/01/28/8

Scores

EPSS 0.0007

EPSS Percentile 20.6%

Details

Status published

Products (2)

phusion/passenger < 4.0.36

rubygems/passenger 0 - 4.0.38RubyGems

Published Feb 19, 2015

Tracked Since Feb 18, 2026