CVE-2016-10345 - OpenCVE

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Phusion	Passenger

Configuration 1 [-]

cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.phusion.nl/2017/01/10/passenger-5-1-1/
https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG
https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
https://nvd.nist.gov/vuln/detail/CVE-2016-10345
https://www.cve.org/CVERecord?id=CVE-2016-10345

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-04-18T20:00:00Z

Updated: 2024-09-16T23:00:26.155Z

Reserved: 2017-04-18T00:00:00Z

Link: CVE-2016-10345

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-04-18T20:59:00.153

Modified: 2017-04-24T21:26:37.567

Link: CVE-2016-10345

Redhat

Severity : Moderate

Publid Date: 2016-11-09T00:00:00Z

Links: CVE-2016-10345 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-04-18T20:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441", "refsource": "CONFIRM", "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"name": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T03:21:50.838Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10345", "datePublished": "2017-04-18T20:00:00Z", "dateReserved": "2017-04-18T00:00:00Z", "dateUpdated": "2024-09-16T23:00:26.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*", "matchCriteriaId": "DAC73972-CB17-4C3D-A09A-DF5CF226AA10", "versionEndIncluding": "5.0.30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."}, {"lang": "es", "value": "En Phusion Passenger en versiones anteriores a 5.1.0, un nombre de archivo /tmp conocido fue utilizado durante la ejecuci\u00f3n de passenger-install-nginx-module, lo que podr\u00eda permitir a atacantes locales obtener los privilegios del usuario de passenger."}], "id": "CVE-2016-10345", "lastModified": "2017-04-24T21:26:37.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-04-18T20:59:00.153", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Release Notes"], "url": "https://github.com/phusion/passenger/blob/stable-5.1/CHANGELOG"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "passenger: File overwrite vulnerability in passenger-install-nginx-module", "id": "1445306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445306"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "draft"}, "details": ["In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user."], "name": "CVE-2016-10345", "package_state": [{"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Not affected", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:ceph_storage:1.3", "fix_state": "Not affected", "package_name": "rubygem-passenger", "product_name": "Red Hat Ceph Storage 1.3"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openstack-installer:6", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno) Installer"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby-193-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "ruby200-rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:openshift:2", "fix_state": "Will not fix", "package_name": "rubygem-passenger", "product_name": "Red Hat OpenShift Enterprise 2"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "rubygem-passenger", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Not affected", "package_name": "rh-passenger40-passenger", "product_name": "Red Hat Software Collections"}], "public_date": "2016-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-10345\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10345\nhttps://blog.phusion.nl/2017/01/10/passenger-5-1-1/"], "threat_severity": "Moderate", "upstream_fix": "rubygem-passenger 5.1.1"}