CVE-2013-2119

Published: Jan 03, 2014 | Modified: Feb 13, 2023
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.6 MEDIUM (AV:L/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V2: 4.6 MODERATE (AV:L/AC:L/Au:N/C:P/I:P/A:P)
RedHat/V3:
Ubuntu: MEDIUM

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary config file in a directory with a predictable name in /tmp/ before it is used by the gem.

Affected Software

Name | Vendor | Start Version | End Version
Passenger | Phusion | * | 3.0.20 (including)
Passenger | Phusion | 3.0.0 (including) | 3.0.0 (including)
Passenger | Phusion | 3.0.1 (including) | 3.0.1 (including)
Passenger | Phusion | 3.0.2 (including) | 3.0.2 (including)
Passenger | Phusion | 3.0.3 (including) | 3.0.3 (including)
Passenger | Phusion | 3.0.4 (including) | 3.0.4 (including)
Passenger | Phusion | 3.0.5 (including) | 3.0.5 (including)
Passenger | Phusion | 3.0.6 (including) | 3.0.6 (including)
Passenger | Phusion | 3.0.7 (including) | 3.0.7 (including)
Passenger | Phusion | 3.0.8 (including) | 3.0.8 (including)
Passenger | Phusion | 3.0.9 (including) | 3.0.9 (including)
Passenger | Phusion | 3.0.10 (including) | 3.0.10 (including)
Passenger | Phusion | 3.0.11 (including) | 3.0.11 (including)
Passenger | Phusion | 3.0.12 (including) | 3.0.12 (including)
Passenger | Phusion | 3.0.13 (including) | 3.0.13 (including)
Passenger | Phusion | 3.0.14 (including) | 3.0.14 (including)
Passenger | Phusion | 3.0.15 (including) | 3.0.15 (including)
Passenger | Phusion | 3.0.17 (including) | 3.0.17 (including)
Passenger | Phusion | 3.0.18 (including) | 3.0.18 (including)
Passenger | Phusion | 3.0.19 (including) | 3.0.19 (including)
Passenger | Phusion | 4.0.1 (including) | 4.0.1 (including)
Passenger | Phusion | 4.0.2 (including) | 4.0.2 (including)
Passenger | Phusion | 4.0.3 (including) | 4.0.3 (including)
Passenger | Phusion | 4.0.4 (including) | 4.0.4 (including)
Ruby-passenger | Ubuntu | quantal | *
Ruby-passenger | Ubuntu | raring | *
Ruby-passenger | Ubuntu | upstream | *
RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | ruby193-rubygem-passenger-0:3.0.21-3.el6op | *
RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-file-tail-0:1.0.5-4.el6op | *
RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-passenger-0:3.0.21-3.el6op | *
RHEL 6 Version of OpenShift Enterprise 1.2 | RedHat | rubygem-spruz-0:0.2.5-4.el6op | *

References