CVE-2018-12615

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-12615

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-12615.json

Aliases

GHSA-4284-jfhc-f854

Published

2018-06-21T15:29:00Z

Modified

2023-11-29T06:25:09.809441Z

Details

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.

References

https://github.com/phusion/passenger/commit/4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8

Affected packages

Git / github.com/phusion/passenger

Affected ranges

Type: GIT
Repo: https://github.com/phusion/passenger
Events: Introduced

0The exact introduced commit is unknown

Fixed

4e97fdb86d0a0141ec9a052c6e691fcd07bb45c8

Affected versions

release-1.*

release-1.0.0

release-1.0.1

release-1.0.2

release-1.0.3

release-1.0.4

release-1.0.5

release-1.9.0

release-1.9.1

release-2.*

release-2.0.1

release-2.0.2

release-2.1.1

release-2.1.2

release-2.1.3

release-2.2.0

release-2.2.1

release-2.2.10

release-2.2.11

release-2.2.12

release-2.2.13

release-2.2.14

release-2.2.15

release-2.2.2

release-2.2.3

release-2.2.4

release-2.2.5

release-2.2.6

release-2.2.7

release-2.2.8

release-2.2.9

release-3.*

release-3.0.0

release-3.0.0.pre1

release-3.0.0.pre2

release-3.0.0.pre3

release-3.0.0.rc1

release-3.0.1

release-3.0.10

release-3.0.11

release-3.0.12

release-3.0.13

release-3.0.14

release-3.0.15

release-3.0.17

release-3.0.18

release-3.0.2

release-3.0.3

release-3.0.4

release-3.0.5

release-3.0.6

release-3.0.7

release-3.0.8

release-3.0.9

release-3.9.0.beta

release-3.9.1.beta

release-3.9.2.beta

release-3.9.3.rc1

release-3.9.4.rc2

release-3.9.5.rc3

release-4.*

release-4.0.0.rc4

release-4.0.0.rc6

release-4.0.1

release-4.0.10

release-4.0.13

release-4.0.14

release-4.0.16

release-4.0.17

release-4.0.18

release-4.0.19

release-4.0.2

release-4.0.20

release-4.0.21

release-4.0.23

release-4.0.24

release-4.0.25

release-4.0.26

release-4.0.27

release-4.0.28

release-4.0.29

release-4.0.3

release-4.0.30

release-4.0.31

release-4.0.32

release-4.0.33

release-4.0.34

release-4.0.35

release-4.0.36

release-4.0.37

release-4.0.38

release-4.0.39

release-4.0.4

release-4.0.40

release-4.0.41

release-4.0.42

release-4.0.43

release-4.0.44

release-4.0.45

release-4.0.46

release-4.0.48

release-4.0.49

release-4.0.5

release-4.0.50

release-4.0.51

release-4.0.52

release-4.0.53

release-4.0.55

release-4.0.56

release-4.0.57

release-4.0.58

release-4.0.59

release-4.0.6

release-4.0.7

release-4.0.8

release-5.*

release-5.0.0.beta1

release-5.0.0.beta2

release-5.0.0.beta3

release-5.0.0.rc1

release-5.0.0.rc2

release-5.0.1

release-5.0.10

release-5.0.11

release-5.0.13

release-5.0.14

release-5.0.15

release-5.0.16

release-5.0.17

release-5.0.18

release-5.0.19

release-5.0.2

release-5.0.20

release-5.0.21

release-5.0.22

release-5.0.23

release-5.0.24

release-5.0.25

release-5.0.26

release-5.0.27

release-5.0.28

release-5.0.29

release-5.0.3

release-5.0.30

release-5.0.4

release-5.0.5

release-5.0.6

release-5.0.7

release-5.0.8

release-5.0.9

release-5.1.0

release-5.1.1

release-5.1.11

release-5.1.12

release-5.1.2

release-5.1.3

release-5.1.4

release-5.1.5

release-5.1.6

release-5.1.7

release-5.1.8

release-5.2.0

release-5.2.1

release-5.2.2

release-5.2.3

release-5.3.0

release-5.3.1