CVE-2013-4136
NONE EPSS 24.8%
Published Sep 30, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
Threat Intelligence
EPSS Exploit Probability
24.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-59
Affected Products 6
References 5
- rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1136.html
- openwall.com http://www.openwall.com/lists/oss-security/2013/07/16/6
- code.google.com https://code.google.com/p/phusion-passenger/issues/detail?id=910
- github.com https://github.com/phusion/passenger/blob/release-4.0.6/NEWS
- github.com https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.