4.0.38
CVE-2014-1831 describes a symlink vulnerability affecting Phusion Passenger versions up to 4.0.8. This flaw allows a local attacker to potentially write to sensitive files and directories by exploiting symlink manipulation. The vulnerability was published in 2018 and a fix is available in version 4.0.38. Mitigation strategies involve restricting file permissions and monitoring for suspicious symlink activity.
The primary impact of CVE-2014-1831 lies in the potential for unauthorized file modification. A successful attacker, already possessing local access to the system, can leverage the symlink vulnerability to overwrite critical configuration files or application code within directories normally protected. This could lead to denial of service, privilege escalation, or even remote code execution if the overwritten files are subsequently executed. While the vulnerability is classified as LOW severity, the ease of exploitation and potential for disruption make it a concern, particularly in environments with lax file permission controls.
CVE-2014-1831 is not currently listed on KEV or EPSS. The LOW CVSS score suggests a low probability of active exploitation. Public proof-of-concept (POC) code is not widely available, which further reduces the immediate risk. The vulnerability was published in 2018, indicating it has been known for a significant period.
エクスプロイト状況
EPSS
0.07% (21% パーセンタイル)
The recommended mitigation for CVE-2014-1831 is to upgrade Phusion Passenger to version 4.0.38 or later, which contains the fix. If an immediate upgrade is not feasible, consider implementing stricter file permission controls to limit the impact of a successful symlink attack. Specifically, ensure that the control_process.pid and generation-* files are not writable by users other than the Passenger process owner. Regularly audit file permissions and monitor system logs for suspicious symlink creation or modification attempts. There are no specific WAF rules or detection signatures readily available for this vulnerability.
公式パッチはありません。回避策を確認するか、アップデートを監視してください。
脆弱性分析と重要アラートをメールでお届けします。
CVE-2014-1831 is a vulnerability in Phusion Passenger versions up to 4.0.8 that allows a local attacker to write to restricted directories via a symlink attack on control_process.pid or generation-* files. Severity pending CVSS score update.
You are affected if you are running Phusion Passenger versions 4.0.8 or earlier. Upgrade to 4.0.38 or later to mitigate the risk.
Upgrade Phusion Passenger to version 4.0.38 or later. As a temporary workaround, restrict file permissions on control_process.pid and generation-* files.
There is no widespread evidence of active exploitation of CVE-2014-1831. Public POCs are limited, and it is not listed on KEV or EPSS.
Refer to the Phusion Passenger security advisory for details: https://www.phusionpassenger.com/security/advisories/CVE-2014-1831
Gemfile.lock ファイルをアップロードすると、影響の有無を即座にお知らせします。