exploitDog

CVE-2013-4136

Опубликовано: 20 июн. 2013

Источник: redhat

CVSS2: 4.6

Описание

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=985633rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories

4.6 Medium

CVSS2

Связанные уязвимости

CVE-2013-4136

ubuntu

больше 12 лет назад

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

CVE-2013-4136

nvd

больше 12 лет назад

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

CVE-2013-4136

debian

больше 12 лет назад

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 f ...

GHSA-w6rc-q387-vpgq

github

больше 8 лет назад

insecure temporary directory usage in passenger

4.6 Medium

CVSS2