Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.1
CVE Id CVE-2013-0162
Last Modified 01 Mar 2013 12:00:00
Published 01 Mar 2013 12:40:16
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2013-0162

Summary

The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Vulnerable Systems

Application

  • Ryan Davis Ruby Parser 1.0.0

  • Ryan Davis Ruby Parser 2.0.0

  • Ryan Davis Ruby Parser 2.0.1

  • Ryan Davis Ruby Parser 2.0.2

  • Ryan Davis Ruby Parser 2.0.3

  • Ryan Davis Ruby Parser 2.0.4

  • Ryan Davis Ruby Parser 2.0.5

  • Ryan Davis Ruby Parser 2.0.6

  • Ryan Davis Ruby Parser 2.1.0

  • Ryan Davis Ruby Parser 2.2.0

  • Ryan Davis Ruby Parser 2.3.0

  • Ryan Davis Ruby Parser 2.3.1

  • Ryan Davis Ruby Parser 3.0.0

  • Ryan Davis Ruby Parser 3.0.0.a1

  • Ryan Davis Ruby Parser 3.0.0.a10

  • Ryan Davis Ruby Parser 3.0.0.a2

  • Ryan Davis Ruby Parser 3.0.0.a3

  • Ryan Davis Ruby Parser 3.0.0.a4

  • Ryan Davis Ruby Parser 3.0.0.a5

  • Ryan Davis Ruby Parser 3.0.0.a6

  • Ryan Davis Ruby Parser 3.0.0.a7

  • Ryan Davis Ruby Parser 3.0.0.a8

  • Ryan Davis Ruby Parser 3.0.0.a9

  • Ryan Davis Ruby Parser 3.0.1

  • Ryan Davis Ruby Parser 3.0.2

  • Ryan Davis Ruby Parser 3.0.3

  • Ryan Davis Ruby Parser 3.0.4

  • Ryan Davis Ruby Parser 3.1.0

  • Ryan Davis Ruby Parser 3.1.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=892806

REDHAT - RHSA-2013:0548

REDHAT - RHSA-2013:0544


Last Updated: 27 May 2016 10:58:34