Red Hat Customer Portal

Skip to main content

CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Details Source

Mitre

Public Date

2013-05-29 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-2119 rubygem-passenger: incorrect temporary file usage

Bugzilla ID

892 813

CVSS Status

verified

Base Score

4.60

Base Metrics

AV:L/AC:L/Au:N/C:P/I:P/A:P

Acknowledgements

This issue was discovered by Michael Scherer of the Red Hat Regional IT team.

Red Hat Security Errata

Platform Errata Release Date
RHOSE Client 1.2 RHSA-2013:1136 2013-08-05

CWE

CWE-377

Affected Packages State

Platform Package State
Red Hat OpenShift Enterprise 1 rubygem-passenger Affected
Red Hat OpenShift Enterprise 1 ruby193-rubygem-passenger Affected