Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2013-2119
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.
| Software | From | Fixed in |
|---|---|---|
| phusion / passenger | - | 3.0.20.x |
| phusion / passenger | 3.0.0 | 3.0.0.x |
| phusion / passenger | 3.0.1 | 3.0.1.x |
| phusion / passenger | 3.0.2 | 3.0.2.x |
| phusion / passenger | 3.0.3 | 3.0.3.x |
| phusion / passenger | 3.0.4 | 3.0.4.x |
| phusion / passenger | 3.0.5 | 3.0.5.x |
| phusion / passenger | 3.0.6 | 3.0.6.x |
| phusion / passenger | 3.0.7 | 3.0.7.x |
| phusion / passenger | 3.0.8 | 3.0.8.x |
| phusion / passenger | 3.0.9 | 3.0.9.x |
| phusion / passenger | 3.0.10 | 3.0.10.x |
| phusion / passenger | 3.0.11 | 3.0.11.x |
| phusion / passenger | 3.0.12 | 3.0.12.x |
| phusion / passenger | 3.0.13 | 3.0.13.x |
| phusion / passenger | 3.0.14 | 3.0.14.x |
| phusion / passenger | 3.0.15 | 3.0.15.x |
| phusion / passenger | 3.0.17 | 3.0.17.x |
| phusion / passenger | 3.0.18 | 3.0.18.x |
| phusion / passenger | 3.0.19 | 3.0.19.x |
| phusion / passenger | 4.0.1 | 4.0.1.x |
| phusion / passenger | 4.0.2 | 4.0.2.x |
| phusion / passenger | 4.0.3 | 4.0.3.x |
| phusion / passenger | 4.0.4 | 4.0.4.x |
| redhat / openshift | 1.0 | 1.0.x |
passenger
|
- | 3.0.21 |
|
passenger
|
4.0.1 | 4.0.5 |
- http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/
- http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/
- http://rhn.redhat.com/errata/RHSA-2013-1136.html
- https://access.redhat.com/errata/RHSA-2013:1136
- https://access.redhat.com/security/cve/CVE-2013-2119
- https://bugzilla.redhat.com/show_bug.cgi?id=892813