Phusion Passenger prior to 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.
Debian Bug report logs -
#736958
ruby-passenger: CVE-2014-1831: insecure use of /tmp
Package:
src:ruby-passenger;
Maintainer for src:ruby-passenger is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>;
Reported by: Jakub Wilk <jwilk@debianorg>
Date: Tue, 28 Jan 2014 19:21:02 UTC
Se ...
Phusion Passenger before 4037 allows local users to write to certain files and directories via a symlink attack on (1) control_processpid or a (2) generation-* file ...