ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-30T19:00:00Z

Updated: 2024-09-17T03:38:39.532Z

Reserved: 2013-06-12T00:00:00Z

Link: CVE-2013-4136

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-09-30T21:55:07.223

Modified: 2024-11-21T01:54:57.200

Link: CVE-2013-4136

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-06-20T00:00:00Z

Links: CVE-2013-4136 - Bugzilla