CVE-2013-2119

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2013-2119
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/ Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=892813 Issue Tracking Third Party Advisory
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/ Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1136.html Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*
Information

Published : 2014-01-03 10:54

Updated : 2023-02-12 20:42

NVD link : CVE-2013-2119

Mitre link : CVE-2013-2119

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

phusion

  • passenger

ruby-lang

  • ruby

redhat

  • openshift