CVE-2014-5003 (ciborg): ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite

June 30th, 2014

ADVISORIES

CVE-2014-5003 (NVD)
OSVDB-108586

GEM

PATCHED VERSIONS

None.

DESCRIPTION

ciborg Gem for Ruby contains a flaw as default.rb creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/perlbrew-installer file to cause the program to unexpectedly overwrite an arbitrary file.

RubySec

CVE-2014-5003 (ciborg): ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite

ADVISORIES

GEM

PATCHED VERSIONS

DESCRIPTION

Recent Advisories