fkie_nvd - fkie_cve-2013-2119

fkie_cve-2013-2119

Vulnerability from fkie_nvd

Published

2014-01-03 18:54

Modified

2024-11-21 01:51

Severity ?

Summary

Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem.

References

URL	Tags
secalert@redhat.com	http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/	Patch, Vendor Advisory
secalert@redhat.com	http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/	Patch, Vendor Advisory
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1136.html	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=892813	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1136.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=892813	Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
phusion	passenger	*
phusion	passenger	3.0.0
phusion	passenger	3.0.1
phusion	passenger	3.0.2
phusion	passenger	3.0.3
phusion	passenger	3.0.4
phusion	passenger	3.0.5
phusion	passenger	3.0.6
phusion	passenger	3.0.7
phusion	passenger	3.0.8
phusion	passenger	3.0.9
phusion	passenger	3.0.10
phusion	passenger	3.0.11
phusion	passenger	3.0.12
phusion	passenger	3.0.13
phusion	passenger	3.0.14
phusion	passenger	3.0.15
phusion	passenger	3.0.17
phusion	passenger	3.0.18
phusion	passenger	3.0.19
phusion	passenger	4.0.1
phusion	passenger	4.0.2
phusion	passenger	4.0.3
phusion	passenger	4.0.4
ruby-lang	ruby	*
redhat	openshift	1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phusion:passenger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC9E6F6-1C3C-4270-8360-97C0D1907D0C",
              "versionEndIncluding": "3.0.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "079D1872-7E1B-4A66-9B3C-7FFC842A7BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8C8495-4011-4B96-BB78-430B1F508548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3426ED-FAD6-47C5-94D3-A8BACFBEF270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD685C8-82D3-497A-84E9-238D19F15FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "40AD3808-45E1-4889-98AF-4267B9DB17A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FCE653-AFE2-4291-872E-9CA8772F0CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF4B9EF-23CC-46E3-8700-36633924B9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BAC8504-4F89-49AD-A06F-6A5A5B1DA34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "522C4CC8-9B97-4E1D-B82B-073D14444909",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9FEA652-5FFF-443F-983B-4FC5A4478F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3907694B-8E1A-4C5B-ABF0-90F023845557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AA53B5-4F58-4D38-80D7-42771F2C295C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4472ABCB-B464-4640-A892-73B4C8CB609F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A2AA0F1-AB6F-4583-9AB1-38B7F69CE96D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EDAC43A-BC17-4F1E-BFF6-4C9180817E5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEE58A-FFDD-4E00-94F7-947D32CC1350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "09AFC97E-37EF-4D68-B947-C8FB43A11245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2267254-554B-4AF2-A72B-0E346E4657C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C406BAD-DCF8-4C46-9731-A81EBF387F68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C18671-5FB1-4C97-9FDD-6D495A748DF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECFAD875-6DB0-4D40-9A11-E02DA954B197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1CC46D4-E33E-467C-B5C7-8F371D906A46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phusion:passenger:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2595C046-B304-42F3-8194-C259EFDBCA76",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "264DD094-A8CD-465D-B279-C834DDA5F79C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift:1.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "E038BCDC-E14F-4D37-981C-BB80853C148C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary \"config\" file in a directory with a predictable name in /tmp/ before it is used by the gem."
    },
    {
      "lang": "es",
      "value": "Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegaci\u00f3n de servicio (prevenci\u00f3n de inicio de la aplicaci\u00f3n) u obtener privilegios creando un fichero \"config\" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema."
    }
  ],
  "id": "CVE-2013-2119",
  "lastModified": "2024-11-21T01:51:04.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-03T18:54:11.350",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=892813"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-2119

Vulnerability from cvelistv5

Published

2014-01-02 21:00

Modified

2024-08-06 15:27