2 matches found
CVE-2014-5003
chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer...
CVE-2014-5003
The ciborg gem for Ruby (version 3.0.0) contains a local file-write race condition in /tmp/perlbrew-installer. A local attacker can exploit a symlink attack against the temporary file to overwrite arbitrary files with the ciborg process’ privileges. This is a local, low- to medium-severity issue ...