Lucene search
RootSSV:60660HistoryFeb 28, 2013 - 12:00 a.m.
RubyGems 'ruby_parser' 不安全临时文件创建漏洞(CVE-2013-0162)
2013-02-2800:00:00
Root
www.seebug.org
30
0.0004 Low
EPSS
Percentile
5.7%
Bugtraq ID:58110
CVE ID: CVE-2013-0162
RubyGems(简称 gems)是一个用于对Rails组件进行打包的Ruby打包系统。
ruby_parser ruby gem没有以安全的方式创建临时文件,/usr/share/gems/gems/ruby_parser-2.0.4/lib/gauntlet_rubyparser.rb的diff_pp函数创建的/tmp/a.[pid]和/tmp/b.[pid]临时文件可被猜测,通过符号链接攻击可覆盖系统文件或更改目标系统文件内容,造成拒绝服务或可提升权限。
0
RubyGems
厂商解决方案
用户可参考如下厂商提供的安全公告获得补丁信息:
https://bugzilla.redhat.com/show_bug.cgi?id=892806
Related
cve
cve
CVE-2013-0162
2013-03-01 05:40:00
nessus
nessus
FreeBSD : rubygem-ruby_parser -- insecure tmp file usage (e1aa3bdd-839a-4a77-8617-cca439a8f9fc)
2013-02-25 00:00:00
RHEL 6 : Subscription Asset Manager (RHSA-2013:0544)
2013-03-10 00:00:00
RHEL 6 : openshift (RHSA-2013:0582)
2018-12-06 00:00:00
osv
osv
debiancve
debiancve
CVE-2013-0162
2013-03-01 05:40:00
prion
prion
Code injection
2013-03-01 05:40:00
ubuntucve
ubuntucve
CVE-2013-0162
2013-03-01 00:00:00
securityvulns
securityvulns
freebsd
freebsd
rubygem-ruby_parser -- insecure tmp file usage
2013-02-24 00:00:00
github
github
rubygems
rubygems
CVE-2013-0162 rubygem-ruby_parser: incorrect temporary file usage
2013-02-20 20:00:00
redhat
redhat
(RHSA-2013:0544) Important: Subscription Asset Manager 1.2 update
2013-02-21 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00