Bug 1098872 (CVE-2018-12615) - VUL-0: CVE-2018-12615: rubygem-passenger: privilege lowering in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp
Summary: VUL-0: CVE-2018-12615: rubygem-passenger: privilege lowering in switchGroup(...
Status: RESOLVED FIXED
Alias: CVE-2018-12615
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Jordi Massaguer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/208602/
Whiteboard: CVSSv3:RedHat:CVE-2018-12615:5.3:(AV...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-22 18:00 UTC by Marcus Meissner
Modified: 2024-06-13 17:22 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-06-22 18:00:34 UTC 
rh#1594361

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp
in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set
correctly, leaving it up to randomness (i.e., uninitialized memory) which
supplementary groups are actually being set while lowering privileges.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1594361
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12615
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12615.html
http://www.cvedetails.com/cve/CVE-2018-12615/
https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8
Comment 2 Marcus Meissner 2018-06-25 05:29:10 UTC 
the affected code is not in older versions that we ship.