Candidate: CVE-2017-16355
PublicDate: 2017-12-14 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16355
 https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
 http://www.openwall.com/lists/oss-security/2017/11/21/2
Description:
 In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in
 Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger
 is running as root, it is possible to list the contents of arbitrary files
 on a system by symlinking a file named REVISION from the application root
 folder to a file of choice and querying passenger-status --show=xml.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884463
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N [4.7 MEDIUM]

Patches_passenger:
 upstream: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
 upstream: https://github.com/phusion/passenger/commit/947af424330f5d5f5006860b2f0140bbba153e42
upstream_passenger: released (5.1.10, 5.1.11, 5.0.30-1.1)
precise/esm_passenger: DNE
trusty_passenger: DNE
trusty/esm_passenger: DNE
xenial_passenger: ignored (end of standard support, was needed)
zesty_passenger: ignored (reached end-of-life)
artful_passenger: ignored (reached end-of-life)
bionic_passenger: released (5.0.30-1+deb9u1build0.18.04.1)
cosmic_passenger: released (5.0.30-1+deb9u1build0.18.10.1)
disco_passenger: released (5.0.30-1+deb9u1build0.19.04.1)
eoan_passenger: not-affected (5.0.30-1.1)
focal_passenger: not-affected (5.0.30-1.1)
groovy_passenger: not-affected (5.0.30-1.1)
hirsute_passenger: not-affected (5.0.30-1.1)
impish_passenger: not-affected (5.0.30-1.1)
jammy_passenger: not-affected (5.0.30-1.1)
devel_passenger: not-affected (5.0.30-1.1)

Patches_ruby-passenger:
upstream_ruby-passenger: needed
precise/esm_ruby-passenger: DNE
trusty_ruby-passenger: ignored (reached end-of-life)
trusty/esm_ruby-passenger: DNE (trusty was needed)
xenial_ruby-passenger: DNE
zesty_ruby-passenger: DNE
artful_ruby-passenger: DNE
bionic_ruby-passenger: DNE
cosmic_ruby-passenger: DNE
disco_ruby-passenger: DNE
eoan_ruby-passenger: DNE
focal_ruby-passenger: DNE
groovy_ruby-passenger: DNE
hirsute_ruby-passenger: DNE
impish_ruby-passenger: DNE
jammy_ruby-passenger: DNE
devel_ruby-passenger: DNE