7 matches found
CVE-2013-0162
Removed by vendor...
CVE-2013-0162
CVE-2013-0162 affects the ruby_parser gem (diff_pp function in lib/gauntlet_rubyparser.rb) and earlier 3.1.1, where temporary file handling in /tmp is insecure. This allows a local attacker to craft a symlink attack that can overwrite arbitrary files accessible to the Ruby process. The vulnerabil...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.1 update
Red Hat OpenShift Enterprise 1.1.1 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in...
RubyGems 'ruby_parser' 不安全临时文件创建漏洞(CVE-2013-0162)
Bugtraq ID:58110 CVE ID: CVE-2013-0162 RubyGems简称 gems是一个用于对Rails组件进行打包的Ruby打包系统。 rubyparser ruby gem没有以安全的方式创建临时文件,/usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb的diffpp函数创建的/tmp/a.pid和/tmp/b.pid临时文件可被猜测,通过符号链接攻击可覆盖系统文件或更改目标系统文件内容,造成拒绝服务或可提升权限。 0 RubyGems 厂商解决方案...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage / Public Service Announcement
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is a relatively minor issue, hence no embargo. Michael Scherer [email protected] of Red Hat found: Looking for incorrect /tmp/ usage, I found the following piece of code in /usr/share/gems/gems/rubyparser-2.0.4/lib/gauntletrubyparser.rb...
Important: Red Hat Security Advisory: Subscription Asset Manager 1.2 update
Red Hat Subscription Asset Manager 1.2, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...