PRIOn knowledge basePRION:CVE-2013-4136

HistorySep 30, 2013 - 9:55 p.m.

Design/Logic Flaw

2013-09-3021:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

CPENameOperatorVersion
passengerle4.0.5
passengereq4.0.1
passengereq4.0.2
passengereq4.0.3
passengereq4.0.4

Name	Operator	Version
passenger	le	4.0.5
passenger	eq	4.0.1
passenger	eq	4.0.2
passenger	eq	4.0.3
passenger	eq	4.0.4

References

rhn.redhat.com/errata/RHSA-2013-1136.html

www.openwall.com/lists/oss-security/2013/07/16/6

code.google.com/p/phusion-passenger/issues/detail?id=910

github.com/phusion/passenger/blob/release-4.0.6/NEWS

github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b

7.3 High

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2013-4136