CVE-2013-2119

NONE EPSS 32.0%
Published Jan 3, 2014 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

Threat Intelligence

EPSS Exploit Probability
32.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-264

Affected Products 26

Vendor      Product     Version   Range
phusion     passenger   *         ≤3.0.20
phusion     passenger   3.0.0     any
phusion     passenger   3.0.1     any
phusion     passenger   3.0.2     any
phusion     passenger   3.0.3     any
phusion     passenger   3.0.4     any
phusion     passenger   3.0.5     any
phusion     passenger   3.0.6     any
phusion     passenger   3.0.7     any
phusion     passenger   3.0.8     any
phusion     passenger   3.0.9     any
phusion     passenger   3.0.10    any
phusion     passenger   3.0.11    any
phusion     passenger   3.0.12    any
phusion     passenger   3.0.13    any
phusion     passenger   3.0.14    any
phusion     passenger   3.0.15    any
phusion     passenger   3.0.17    any
phusion     passenger   3.0.18    any
phusion     passenger   3.0.19    any
phusion     passenger   4.0.1     any
phusion     passenger   4.0.2     any
phusion     passenger   4.0.3     any
phusion     passenger   4.0.4     any
ruby-lang   ruby        *         any
redhat      openshift   1.0       any

References 4

  • blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
    Patch, Vendor Advisory
  • blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
    Patch, Vendor Advisory
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1136.html
    Third Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=892813
    Issue Tracking, Third Party Advisory

Remediation

  • blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
    Patch, Vendor Advisory
  • blog.phusion.nl http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
    Patch, Vendor Advisory