CVE-2013-4136

Published: Sep 30, 2013

Modified: Sep 17, 2024

PUBLISHED

Description

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/phusion/passenger/blob/release-4.0.6/NEWS

x_refsource_CONFIRM

https://code.google.com/p/phusion-passenger/issues/detail?id=910

x_refsource_CONFIRM

https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b

x_refsource_CONFIRM

RHSA-2013:1136

vendor-advisory

x_refsource_REDHAT

[oss-security] 20130716 Re: Re: Insecure temp files usage in phusion passenger (other than CVE-2013-2119)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-4136

Description

Affected Products

References