rubygem-passenger: insecure temp files

Package(s): rubygem-passenger
CVE #(s): CVE-2013-2119
Created: June 11, 2013
Updated: July 10, 2013
Description: From the Red Hat bugzilla:

Michael Scherer reported that the passenger ruby gem, when used in standalone mode, does not use temporary files in a secure manner. In the lib/phusion_passenger/standalone/main.rb's create_nginx_controller function, passenger creates an nginx configuration file insecurely and starts nginx with that configuration file:

       # Directory name is derived only from the process id ($$), which any local user can guess.
       @temp_dir        = "/tmp/passenger-standalone.#{$$}"
       # The nginx config is written under that predictable, unverified directory.
       @config_filename = "#{@temp_dir}/config"

If a local attacker were able to create a temporary directory that passenger uses and supply a custom nginx configuration file, they could start an nginx instance with their own configuration file. This could result in a denial of service condition for a legitimate service or, if passenger were executed as root (in order to have nginx listen on port 80, for instance), this could lead to a local root compromise.
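As an added illustration (not code from the advisory or from passenger itself), here is the hardened counterpart to the snippet above: an ownership and permission check for a temp directory, and a writer that lets the OS pick an unpredictable directory name and refuses to reuse a pre-existing config file. The names `safe_temp_dir?` and `write_private_config` are hypothetical.

```ruby
require "tmpdir"
require "fileutils"

# Defensive check for a temp directory: it must be a real directory
# (not a symlink), owned by the current effective user, and not
# writable by group or others. A directory pre-created by another
# local user fails at least one of these tests.
def safe_temp_dir?(path)
  st = File.lstat(path)
  st.directory? &&
    st.uid == Process.euid &&
    (st.mode & 0o022).zero?
rescue Errno::ENOENT
  false
end

# Hardened replacement for the "/tmp/passenger-standalone.#{$$}" pattern
# (hypothetical, not passenger's own fix): Dir.mktmpdir chooses a random
# name and creates the directory with mode 0700; the result is verified,
# and the config file is opened with O_EXCL so that a file planted
# there ahead of time causes an error instead of being started by nginx.
def write_private_config(contents)
  dir = Dir.mktmpdir("passenger-standalone.")
  raise "unsafe temp dir: #{dir}" unless safe_temp_dir?(dir)
  path = File.join(dir, "config")
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(contents)
  end
  path
end
```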
Alerts:
Fedora FEDORA-2013-9789 2013-06-11
Fedora FEDORA-2013-9771 2013-06-11
Mageia MGASA-2013-0205 2013-07-09
Red Hat RHSA-2013:1136-01 2013-08-05


Copyright © 2013, Eklektix, Inc.