ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.
2013-09-30T21:55:07.223
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.4 (MEDIUM)
AV:L/AC:M/Au:N/C:P/I:P/A:P
3.4
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | phusion | passenger | ≤ 4.0.5 | Yes |
| Application | phusion | passenger | 4.0.1 | Yes |
| Application | phusion | passenger | 4.0.2 | Yes |
| Application | phusion | passenger | 4.0.3 | Yes |
| Application | phusion | passenger | 4.0.4 | Yes |
| Application | ruby-lang | ruby | * | No |