RubySec

Providing security resources for the Ruby community

CVE-2014-5003 (ciborg): ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite

GEM

ciborg

SEVERITY

CVSS v3.x: 5.5 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

The ciborg gem for Ruby contains a flaw: default.rb creates temporary files insecurely. A local attacker can use a symlink attack against the /tmp/perlbrew-installer file to cause the program to unexpectedly overwrite an arbitrary file.
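The class of flaw described above, shown next to two safer ways to create the file. This is an added example, not code from ciborg or from the advisory: the function names are hypothetical, the plain `File.open(path, "w")` is assumed as one typical form of insecure creation, and a constructed sandbox directory stands in for `/tmp`.

```ruby
require "tmpdir"

# Unsafe pattern: a fixed, predictable name in a shared directory.
# Mode "w" follows a symlink already present at `path` and truncates its target.
def write_predictable(path, data)
  File.open(path, "w") { |f| f.write(data) }
end

# Hardened: CREAT|EXCL fails if anything, including a symlink, already exists
# at `path`; NOFOLLOW also refuses a symlink in the final path component.
def write_exclusive(path, data)
  flags = File::WRONLY | File::CREAT | File::EXCL | File::NOFOLLOW
  File.open(path, flags, 0o600) { |f| f.write(data) }
  true
rescue Errno::EEXIST, Errno::ELOOP
  false
end

# Preferred: a private directory (mode 0700, unpredictable name) that other
# local users cannot write into. The directory is removed when the block ends.
def write_private(name, data)
  Dir.mktmpdir("installer-") do |dir|
    path = File.join(dir, name)
    File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(data) }
    yield path
  end
end

# Constructed scenario: `shared` stands in for /tmp, `victim` for any file
# the account running the program is able to write.
def demo
  Dir.mktmpdir("sandbox-") do |shared|
    victim = File.join(shared, "victim.conf")
    fixed  = File.join(shared, "perlbrew-installer")
    File.write(victim, "original")
    File.symlink(victim, fixed)              # link planted before the program runs
    write_predictable(fixed, "installer")
    clobbered = File.read(victim) == "installer"
    File.write(victim, "original")           # restore, then try the hardened path
    refused = !write_exclusive(fixed, "installer")
    { clobbered: clobbered, refused: refused, intact: File.read(victim) == "original" }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

When `write_exclusive` returns `false`, the caller should abort or fall back to `write_private`; deleting the existing path and retrying reintroduces a race.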