CVE-2016-10345

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10345
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10345.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10345
Aliases
Related
Published
2017-04-18T20:59:00Z
Modified
2024-08-01T07:30:25.025726Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.

References

Affected packages

Debian:11 / passenger

Package

Name
passenger
Purl
pkg:deb/debian/passenger?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.0.30-1.2
5.0.30-1.2+deb11u1

6.*

6.0.10-1
6.0.10-2
6.0.10-3
6.0.13+ds-1
6.0.17+ds-1
6.0.20+ds-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / passenger

Package

Name
passenger
Purl
pkg:deb/debian/passenger?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.10-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / passenger

Package

Name
passenger
Purl
pkg:deb/debian/passenger?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.10-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/phusion/passenger

Affected ranges

Type
GIT
Repo
https://github.com/phusion/passenger
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

release-1.*

release-1.0.0
release-1.0.1
release-1.0.2
release-1.0.3
release-1.0.4
release-1.0.5
release-1.9.0
release-1.9.1

release-2.*

release-2.0.1
release-2.0.2
release-2.1.1
release-2.1.2
release-2.1.3
release-2.2.0
release-2.2.1
release-2.2.10
release-2.2.11
release-2.2.12
release-2.2.13
release-2.2.14
release-2.2.15
release-2.2.2
release-2.2.3
release-2.2.4
release-2.2.5
release-2.2.6
release-2.2.7
release-2.2.8
release-2.2.9

release-3.*

release-3.0.0
release-3.0.0.pre1
release-3.0.0.pre2
release-3.0.0.pre3
release-3.0.0.rc1
release-3.0.1
release-3.0.10
release-3.0.11
release-3.0.12
release-3.0.13
release-3.0.14
release-3.0.15
release-3.0.17
release-3.0.18
release-3.0.2
release-3.0.3
release-3.0.4
release-3.0.5
release-3.0.6
release-3.0.7
release-3.0.8
release-3.0.9
release-3.9.0.beta
release-3.9.1.beta
release-3.9.2.beta
release-3.9.3.rc1
release-3.9.4.rc2
release-3.9.5.rc3

release-4.*

release-4.0.0.rc4
release-4.0.0.rc6
release-4.0.1
release-4.0.10
release-4.0.13
release-4.0.14
release-4.0.16
release-4.0.17
release-4.0.18
release-4.0.19
release-4.0.2
release-4.0.20
release-4.0.21
release-4.0.23
release-4.0.24
release-4.0.25
release-4.0.26
release-4.0.27
release-4.0.28
release-4.0.29
release-4.0.3
release-4.0.30
release-4.0.31
release-4.0.32
release-4.0.33
release-4.0.34
release-4.0.35
release-4.0.36
release-4.0.37
release-4.0.38
release-4.0.39
release-4.0.4
release-4.0.40
release-4.0.41
release-4.0.42
release-4.0.43
release-4.0.44
release-4.0.45
release-4.0.46
release-4.0.48
release-4.0.49
release-4.0.5
release-4.0.50
release-4.0.51
release-4.0.52
release-4.0.53
release-4.0.55
release-4.0.56
release-4.0.57
release-4.0.58
release-4.0.59
release-4.0.6
release-4.0.7
release-4.0.8

release-5.*

release-5.0.0.beta1
release-5.0.0.beta2
release-5.0.0.beta3
release-5.0.0.rc1
release-5.0.0.rc2
release-5.0.1
release-5.0.10
release-5.0.11
release-5.0.13
release-5.0.14
release-5.0.15
release-5.0.16
release-5.0.17
release-5.0.18
release-5.0.19
release-5.0.2
release-5.0.20
release-5.0.21
release-5.0.22
release-5.0.23
release-5.0.24
release-5.0.25
release-5.0.26
release-5.0.27
release-5.0.28
release-5.0.29
release-5.0.3
release-5.0.30
release-5.0.4
release-5.0.5
release-5.0.6
release-5.0.7
release-5.0.8
release-5.0.9