rubygems / RubySec / RUBY:PASSENGER-2013-4136-94074
History: Jun 09, 2013 - 8:00 p.m.

CVE-2013-4136 rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories

2013-06-09 20:00:00
RubySec
rubysec.com
5

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6
for Ruby allows local users to gain privileges or possibly change the ownership
of arbitrary directories via a symlink attack on a directory with a predictable
name in /tmp/.

CPE Name    Operator    Version
passenger   lt          4.0.8