CVE-2016-10345 - Vulnerability Details - OpenCVE

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors	Products
Phusion Subscribe	Passenger Subscribe

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2018-0392	In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.
Github GHSA	GHSA-cqxw-3p7v-p9gr	Phusion Passenger uses a known /tmp filename

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
https://nvd.nist.gov/vuln/detail/CVE-2016-10345
https://www.cve.org/CVERecord?id=CVE-2016-10345

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-18T20:00:00.000Z

Updated: 2024-09-16T23:00:26.155Z

Reserved: 2017-04-18T00:00:00.000Z

Link: CVE-2016-10345

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-04-18T20:59:00.153

Modified: 2025-04-20T01:37:25.860

Link: CVE-2016-10345

Redhat

Severity : Moderate

Publid Date: 2016-11-09T00:00:00Z

Links: CVE-2016-10345 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-18T20:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441", "refsource": "CONFIRM", "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"name": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:21:50.838Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10345", "datePublished": "2017-04-18T20:00:00.000Z", "dateReserved": "2017-04-18T00:00:00.000Z", "dateUpdated": "2024-09-16T23:00:26.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAC73972-CB17-4C3D-A09A-DF5CF226AA10", "versionEndIncluding": "5.0.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}, {"lang": "es", "value": "En Phusion Passenger en versiones anteriores a 5.1.0, un nombre de archivo /tmp conocido fue utilizado durante la ejecuci\u00f3n de passenger-install-nginx-module, lo que podr\u00eda permitir a atacantes locales obtener los privilegios del usuario de passenger."}], "id": "CVE-2016-10345", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-18T20:59:00.153", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "passenger: File overwrite vulnerability in passenger-install-nginx-module", "id": "1445306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445306"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "details": ["In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."], "name": "CVE-2016-10345", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Not affected", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Not affected", "package_name": "rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby-193-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby200-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-passenger40-passenger", "product_name": "Red Hat Software Collections"}], "public_date": "2016-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-10345\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10345\nhttps://blog.phusion.nl/2017/01/10/passenger-5-1-1/"], "threat_severity": "Moderate"}