Miggo Logo
Miggo Vulnerability Database
CVE-2012-6135

CVE-2012-6135:
RubyGems passenger gem allows remote attackers to delete files

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2012-6135
GHSA ID
GHSA-8mw8-j583-vqfg
EPSS Score
0.78611%
CWE
CWE-20
Published
4/23/2022
Updated
7/5/2023
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
passengerrubygems< 4.0.0.rc44.0.0.rc4

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper validation of socket filenames reported by application processes during startup. The pre-patch version of handleSpawnResponse directly processed socket addresses from untrusted sources without:

  1. Checking if paths were absolute
  2. Verifying file ownership
  3. Preventing directory traversal (../ patterns)

This allowed malicious applications to report crafted socket paths that would get processed by Passenger's cleanup routines, leading to arbitrary file deletion. The commit added validateSocketAddress checks and path validation logic to fix this.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Ru*y**ms p*ss*n**r *.*.* **t*s * *n* * *llows r*mot* *tt**k*rs to **l*t* *r*itr*ry *il*s *urin* t** st*rtup pro**ss. *****ts *ot* op*n sour** *n* *nt*rpris* v*rsions (*.*.*.**t**, *.*.*.**t**).

Reasoning

T** vuln*r**ility st*mm** *rom improp*r v*li**tion o* so*k*t *il*n*m*s r*port** *y *ppli**tion pro**ss*s *urin* st*rtup. T** pr*-p*t** v*rsion o* **n*l*Sp*wnR*spons* *ir**tly pro**ss** so*k*t ***r*ss*s *rom untrust** sour**s wit*out: *. ****kin* i* p