CVE-2013-2119

EUVD-2017-0208
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
phusionpassenger
𝑥
≤ 3.0.20
phusionpassenger
3.0.0
phusionpassenger
3.0.1
phusionpassenger
3.0.2
phusionpassenger
3.0.3
phusionpassenger
3.0.4
phusionpassenger
3.0.5
phusionpassenger
3.0.6
phusionpassenger
3.0.7
phusionpassenger
3.0.8
phusionpassenger
3.0.9
phusionpassenger
3.0.10
phusionpassenger
3.0.11
phusionpassenger
3.0.12
phusionpassenger
3.0.13
phusionpassenger
3.0.14
phusionpassenger
3.0.15
phusionpassenger
3.0.17
phusionpassenger
3.0.18
phusionpassenger
3.0.19
phusionpassenger
4.0.1
phusionpassenger
4.0.2
phusionpassenger
4.0.3
phusionpassenger
4.0.4
redhatopenshift
1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-passenger
lucid
dne
precise
dne
quantal
ignored
raring
ignored
saucy
not-affected
trusty
dne
Common Weakness Enumeration
References
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
http://rhn.redhat.com/errata/RHSA-2013-1136.html
https://bugzilla.redhat.com/show_bug.cgi?id=892813
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
http://rhn.redhat.com/errata/RHSA-2013-1136.html
https://bugzilla.redhat.com/show_bug.cgi?id=892813