Lucene search
PRIOn knowledge basePRION:CVE-2014-1832HistoryFeb 19, 2015 - 3:59 p.m.
Design/Logic Flaw
2015-02-1915:59:00
PRIOn knowledge base
www.prio-n.com
3
Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831.
References
openwall.com/lists/oss-security/2014/01/29/6
openwall.com/lists/oss-security/2014/01/30/3
bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958
bugzilla.redhat.com/show_bug.cgi?id=1058992
github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0
lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html
Related
nvd
nvd
CVE-2014-1832
2015-02-19 15:59:04
CVE-2014-1831
2015-02-19 15:59:02
github
github
Insecure use of temporary files in Phusion passenger
2018-10-10 17:29:27
Insecure use of temporary files in passenger
2018-10-10 17:29:20
cvelist
cvelist
CVE-2014-1832
2015-02-19 15:00:00
CVE-2014-1831
2015-02-19 15:00:00
debiancve
debiancve
CVE-2014-1832
2015-02-19 15:59:04
CVE-2014-1831
2015-02-19 15:59:02
nessus
nessus
Fedora 20 : rubygem-passenger-4.0.53-3.fc20 (2015-1151)
2015-02-04 00:00:00
ubuntucve
ubuntucve
CVE-2014-1832
2015-02-19 00:00:00
CVE-2014-1831
2015-02-19 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-passenger-4.0.53-3.fc20
2015-02-03 12:03:10
osv
osv
Insecure use of temporary files in Phusion passenger
2018-10-10 17:29:27
Insecure use of temporary files in passenger
2018-10-10 17:29:20
cve
cve
CVE-2014-1832
2015-02-19 15:59:04
CVE-2014-1831
2015-02-19 15:59:02
openvas
openvas
Fedora Update for rubygem-passenger FEDORA-2015-1151
2015-02-04 00:00:00
rubygems
rubygems
prion
prion
Arbitrary file deletion
2015-02-19 15:59:00