CVE-2013-4136

NONE EPSS 24.8%
Published Sep 30, 2013 (12y ago) · Modified Jun 16, 2026 (2w ago)

Description

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Threat Intelligence

EPSS Exploit Probability
24.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-59

Affected Products 6

Vendor      Product     Version   Range
phusion     passenger   *         ≤4.0.5
phusion     passenger   4.0.1     any
phusion     passenger   4.0.2     any
phusion     passenger   4.0.3     any
phusion     passenger   4.0.4     any
ruby-lang   ruby        *         any

References 5

  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1136.html
    Vendor Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2013/07/16/6
  • code.google.com https://code.google.com/p/phusion-passenger/issues/detail?id=910
  • github.com https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
  • github.com https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.