CVE-2013-2119

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
VendorProductVersion
phusionpassenger
𝑥
≤ 3.0.20
phusionpassenger
3.0.0
phusionpassenger
3.0.1
phusionpassenger
3.0.2
phusionpassenger
3.0.3
phusionpassenger
3.0.4
phusionpassenger
3.0.5
phusionpassenger
3.0.6
phusionpassenger
3.0.7
phusionpassenger
3.0.8
phusionpassenger
3.0.9
phusionpassenger
3.0.10
phusionpassenger
3.0.11
phusionpassenger
3.0.12
phusionpassenger
3.0.13
phusionpassenger
3.0.14
phusionpassenger
3.0.15
phusionpassenger
3.0.17
phusionpassenger
3.0.18
phusionpassenger
3.0.19
phusionpassenger
4.0.1
phusionpassenger
4.0.2
phusionpassenger
4.0.3
phusionpassenger
4.0.4
redhatopenshift
1.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ruby-passenger
trusty
dne
saucy
not-affected
raring
ignored
quantal
ignored
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
http://rhn.redhat.com/errata/RHSA-2013-1136.html
https://bugzilla.redhat.com/show_bug.cgi?id=892813
http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
http://rhn.redhat.com/errata/RHSA-2013-1136.html
https://bugzilla.redhat.com/show_bug.cgi?id=892813