Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary config file in a directory with a predictable name in /tmp/ before it is used by the gem.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Passenger | Phusion | * | 3.0.20 (including) |
| Passenger | Phusion | 3.0.0 (including) | 3.0.0 (including) |
| Passenger | Phusion | 3.0.1 (including) | 3.0.1 (including) |
| Passenger | Phusion | 3.0.2 (including) | 3.0.2 (including) |
| Passenger | Phusion | 3.0.3 (including) | 3.0.3 (including) |
| Passenger | Phusion | 3.0.4 (including) | 3.0.4 (including) |
| Passenger | Phusion | 3.0.5 (including) | 3.0.5 (including) |
| Passenger | Phusion | 3.0.6 (including) | 3.0.6 (including) |
| Passenger | Phusion | 3.0.7 (including) | 3.0.7 (including) |
| Passenger | Phusion | 3.0.8 (including) | 3.0.8 (including) |
| Passenger | Phusion | 3.0.9 (including) | 3.0.9 (including) |
| Passenger | Phusion | 3.0.10 (including) | 3.0.10 (including) |
| Passenger | Phusion | 3.0.11 (including) | 3.0.11 (including) |
| Passenger | Phusion | 3.0.12 (including) | 3.0.12 (including) |
| Passenger | Phusion | 3.0.13 (including) | 3.0.13 (including) |
| Passenger | Phusion | 3.0.14 (including) | 3.0.14 (including) |
| Passenger | Phusion | 3.0.15 (including) | 3.0.15 (including) |
| Passenger | Phusion | 3.0.17 (including) | 3.0.17 (including) |
| Passenger | Phusion | 3.0.18 (including) | 3.0.18 (including) |
| Passenger | Phusion | 3.0.19 (including) | 3.0.19 (including) |
| Passenger | Phusion | 4.0.1 (including) | 4.0.1 (including) |
| Passenger | Phusion | 4.0.2 (including) | 4.0.2 (including) |
| Passenger | Phusion | 4.0.3 (including) | 4.0.3 (including) |
| Passenger | Phusion | 4.0.4 (including) | 4.0.4 (including) |