CVE-2013-4136

Published: Sep 30, 2013Modified: Apr 29, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.

Affected (5)

Products: Phusion: Passenger

Phusion

1 product

Passenger

Configuration A

5 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Phusion Passenger	Up to 4.0.5
Phusion Passenger	Version 4.0.1
Phusion Passenger	Version 4.0.2
Phusion Passenger	Version 4.0.3
Phusion Passenger	Version 4.0.4

Running on/with	Platform Versions
Ruby Lang Ruby	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (10)

http://rhn.redhat.com/errata/RHSA-2013-1136.html

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2013/07/16/6

Source: secalert@redhat.com

https://code.google.com/p/phusion-passenger/issues/detail?id=910

Source: secalert@redhat.com

https://github.com/phusion/passenger/blob/release-4.0.6/NEWS

Source: secalert@redhat.com

https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1136.html