Published: 19/02/2015 Updated: 20/02/2015

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Phusion Passenger prior to 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phusion passenger

Debian Bug report logs - #736958 ruby-passenger: CVE-2014-1831: insecure use of /tmp Package: src:ruby-passenger; Maintainer for src:ruby-passenger is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Jakub Wilk <jwilk@debianorg> Date: Tue, 28 Jan 2014 19:21:02 UTC Se ...

Phusion Passenger before 4037 allows local users to write to certain files and directories via a symlink attack on (1) control_processpid or a (2) generation-* file ...

NVD-CWE-Other https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 http://openwall.com/lists/oss-security/2014/01/28/8 http://openwall.com/lists/oss-security/2014/01/30/3 https://github.com/phusion/passenger/commit/34b1087870c2 http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149032.html https://bugzilla.redhat.com/show_bug.cgi?id=1058992 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-1831

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1831

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect