Plattform
ruby
Komponente
passenger
Behoben in
4.0.38
CVE-2014-1831 describes a symlink vulnerability affecting Phusion Passenger versions up to 4.0.8. This flaw allows a local attacker to potentially write to sensitive files and directories by exploiting symlink manipulation. The vulnerability was published in 2018 and a fix is available in version 4.0.38. Mitigation strategies involve restricting file permissions and monitoring for suspicious symlink activity.
The vulnerability lies in how Phusion Passenger handles symlinks to files like control_process.pid and files starting with generation-. A malicious local user can create a symlink pointing to a file they control. When Passenger attempts to access the original file, it inadvertently writes to the attacker's chosen location. This could allow an attacker to overwrite critical configuration files, potentially leading to denial of service or, in more complex scenarios, privilege escalation if the overwritten file controls access to sensitive resources. While the vulnerability is rated LOW, the ease of exploitation and potential for disruption warrant prompt remediation.
CVE-2014-1831 was publicly disclosed in 2018. There are no known active campaigns targeting this vulnerability. Public proof-of-concept exploits are available, demonstrating the ease of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. The low CVSS score reflects the requirement for local access and the limited scope of potential impact.
Exploit-Status
EPSS
0.07% (21% Perzentil)
The primary mitigation is to upgrade Phusion Passenger to version 4.0.38 or later, which contains the fix. If upgrading immediately is not feasible, consider restricting write access to the control_process.pid and generation-* directories to the Passenger user only. Carefully review file permissions and ownership within the Passenger installation directory. Monitor system logs for suspicious file modification activity, particularly targeting these specific files. After upgrade, confirm the fix by attempting to create a symlink to a file outside the Passenger directory and verifying that Passenger does not write to it.
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2014-1831 is a vulnerability in Phusion Passenger versions up to 4.0.8 that allows a local attacker to write to restricted directories via a symlink attack on control_process.pid or generation-* files. Severity pending CVSS score update.
You are affected if you are running Phusion Passenger versions 4.0.8 or earlier. Upgrade to 4.0.38 or later to mitigate the risk.
Upgrade Phusion Passenger to version 4.0.38 or later. As a temporary workaround, restrict file permissions on control_process.pid and generation-* files.
There is no widespread evidence of active exploitation of CVE-2014-1831. Public POCs are limited, and it is not listed on KEV or EPSS.
Refer to the Phusion Passenger security advisory for details: https://www.phusionpassenger.com/security/advisories/CVE-2014-1831
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Lade deine Gemfile.lock-Datei hoch und wir sagen dir sofort, ob du betroffen bist.