Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1831

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2014-1831
Last Modified 20 Feb 2015 06:56:49
Published 19 Feb 2015 10:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2014-1831

Summary

Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.

Vulnerable Systems

Application

  • Phusion Passenger 4.0.36


References

CONFIRM - https://github.com/phusion/passenger/commit/34b1087870c2

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1058992

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736958

MLIST - [oss-security] 20140130 Re: CVE request: temporary file issue in Passenger rubygem

MLIST - [oss-security] 20140128 CVE request: temporary file issue in Passenger rubygem

FEDORA - FEDORA-2015-1151


Last Updated: 27 May 2016 11:07:53