RubyGems passenger gem allows remote attackers to delete files

RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. Affects both open source and Enterprise versions 4.0.0.beta1, 4.0.0.beta2...

insecure temporary directory usage in passenger

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

DEBIAN-CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

Design/Logic Flaw

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

CVE-2013-4136

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/...

Phusion Passenger Gem for Ruby Arbitrary File Deletion

Phusion Passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the start up process this vulnerability is no longer exploitable...