Description

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Remediation

References

CVE-2013-4136

Related Vulnerabilities

Oracle Database Server CVE-2008-0339 Vulnerability (CVE-2008-0339)

MySQL CVE-2013-5770 Vulnerability (CVE-2013-5770)

SugarCRM Missing Authorization Vulnerability (CVE-2020-7472)

osTicket CVE-2018-7195 Vulnerability (CVE-2018-7195)

WordPress Plugin Email Before Download Unspecified Vulnerability (6.9.3)

Severity

Medium

Classification

CVE-2013-4136 CWE-59

Tags

Missing Update Known Vulnerabilities