Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2018-12615 - Vulnerability Database

Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability - CVE-2018-12615

Medium
Reference: CVE-2018-12615
Title: Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability
Overview:

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly leaving it up to randomness (i.e. uninitialized memory) which supplementary groups are actually being set while lowering privileges.