Page 2 of 9 results (0.004 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Phusion Passenger 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1831. Phusion Passenger 4.0.37 permite a usuarios locales escribir a ciertos ficheros y directorios a través de un ataque de enlace simbólico sobre (1) control_process.pid o (2) un fichero generation-*. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-1831. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html http://openwall.com/lists/oss-security/2014/01/29/6 http://openwall.com/lists/oss-security/2014/01/30/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 https://bugzilla.redhat.com/show_bug.cgi?id=1058992 https://github.com/phusion/passenger/commit/94428057c602da3d6d34ef75c78091066ecac5c0 •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file. Phusion Passenger anterior a 4.0.37 permite a usuarios locales escribir a ciertos ficheros y directorios a través de un ataque de enlace simbólico sobre (1) control_process.pid o (2)un fichero generation-*. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html http://openwall.com/lists/oss-security/2014/01/28/8 http://openwall.com/lists/oss-security/2014/01/30/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 https://bugzilla.redhat.com/show_bug.cgi?id=1058992 https://github.com/phusion/passenger/commit/34b1087870c2 •

CVSS: 4.6EPSS: 0%CPEs: 26EXPL: 0

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero "config" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema. • http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released http://rhn.redhat.com/errata/RHSA-2013-1136.html https://bugzilla.redhat.com/show_bug.cgi?id=892813 https://access.redhat.com/security/cve/CVE-2013-2119 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. ext/common/ServerInstanceDir.h en Phusion Passenger gem anteriores a 4.0.6 para Ruby permite a usuarios locales obtener privilegios o posiblemente cambiar el propietario de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre un directorio con nombre predecible en /tmp/. • http://rhn.redhat.com/errata/RHSA-2013-1136.html http://www.openwall.com/lists/oss-security/2013/07/16/6 https://code.google.com/p/phusion-passenger/issues/detail?id=910 https://github.com/phusion/passenger/blob/release-4.0.6/NEWS https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b https://access.redhat.com/security/cve/CVE-2013-4136 https://bugzilla.redhat.com/show_bug.cgi?id=985633 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •