RubySec

Providing security resources for the Ruby community

CVE-2014-5003 (ciborg): ciborg Gem for Ruby default.rb /tmp/perlbrew-installer Local Symlink File Overwrite

GEM

ciborg

PATCHED VERSIONS

None.

DESCRIPTION

The ciborg gem for Ruby contains a flaw: default.rb creates temporary files insecurely. A local attacker can use a symlink attack against the /tmp/perlbrew-installer file to cause the program to unexpectedly overwrite an arbitrary file.
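The following Ruby sketch is an added example, not code from ciborg or from this advisory: it contrasts a write to a fixed name in a shared directory with two safer ways to create the file. The helper names, the sandbox directory standing in for /tmp, and the victim file are all constructed for illustration; the gem's own default.rb is not reproduced here.

```ruby
require "tmpdir"

NAME = "perlbrew-installer" # fixed name taken from the advisory

# Pattern the advisory warns about (hypothetical stand-in, not ciborg's code):
# mode "w" follows a symlink already sitting at the predictable path.
def write_predictable(dir, data)
  File.open(File.join(dir, NAME), "w") { |f| f.write(data) }
end

# Fix 1: O_CREAT|O_EXCL never follows a symlink in the final path component
# and fails with EEXIST if anything already exists at that name.
def write_exclusive(dir, data)
  flags = File::WRONLY | File::CREAT | File::EXCL
  File.open(File.join(dir, NAME), flags, 0o600) { |f| f.write(data) }
end

# Fix 2: create a private 0700 directory with a random name, write inside it.
def write_private(base, data)
  dir = Dir.mktmpdir("installer-", base)
  write_exclusive(dir, data)
  dir
end

# Constructed scenario: "shared" stands in for /tmp, "victim.txt" for the
# file a pre-planted symlink points at.
def demo
  out = {}
  Dir.mktmpdir("advisory-demo-") do |sandbox|
    victim = File.join(sandbox, "victim.txt")
    File.write(victim, "important")
    shared = File.join(sandbox, "shared")
    Dir.mkdir(shared)
    File.symlink(victim, File.join(shared, NAME))

    out[:exclusive] = begin
      write_exclusive(shared, "installer")
      :written
    rescue Errno::EEXIST
      :refused
    end
    private_dir = write_private(shared, "installer")
    out[:private_mode] = File.stat(private_dir).mode & 0o777
    out[:victim_after_fixes] = File.read(victim)

    write_predictable(shared, "installer")
    out[:victim_after_predictable] = File.read(victim)
  end
  out
end

p demo if $PROGRAM_NAME == __FILE__
```

Since the advisory lists no patched version, the same check can be used when auditing other provisioning code: any write to a fixed name under /tmp that does not use exclusive creation or a private directory has this exposure.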