EUVD-2018-0272

Malware in sbrugna...

GHSA-G982-9R8G-6QXW Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink

There is a /tmp file race condition in chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 when creating /tmp/perlbrew-installer. If a malicious local user creates the file first they can overwrite the contents with their own code executing it as the ciborg...

CVE-2014-5003

chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer...

CVE-2014-5003

chef/travis-cookbooks/cienvironment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer...

CVE-2014-5003

The ciborg gem for Ruby (version 3.0.0) contains a local file-write race condition in /tmp/perlbrew-installer. A local attacker can exploit a symlink attack against the temporary file to overwrite arbitrary files with the ciborg process’ privileges. This is a local, low- to medium-severity issue ...

ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite

ciborg Gem for Ruby contains a flaw as default.rb creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/perlbrew-installer file to cause the program to unexpectedly overwrite an arbitrary file...