Contents

---
gem: VladTheEnterprising
cve: 2014-4995
osvdb: 108728
url: https://nvd.nist.gov/vuln/detail/CVE-2014-4995
title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact
date: 2014-06-30
description: |
  VladTheEnterprising Gem for Ruby contains a flaw as the program creates
  temporary files insecurely. It is possible for a local attacker to use
  a symlink attack against the /tmp/my.cnf.#{target_host} file they can
  overwrite arbitrary files, gain access to the MySQL root password,
  or inject arbitrary commands.

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4995.yml