Sha256: 886cbec265e5e34d159db09201b0a4cdc60f90702eeb26c3de9ff2f749ba3cfd

Contents?: true

Size: 546 Bytes

Versions: 5

Compression:

Stored size: 546 Bytes

Contents

---
gem: VladTheEnterprising
cve: 2014-4996
osvdb: 108728
url: http://www.osvdb.org/show/osvdb/108728
title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact 
date: 2014-06-30
description: |
  VladTheEnterprising Gem for Ruby contains a flaw in that the program creates
  temporary files insecurely. A local attacker can use a symlink attack
  against the /tmp/my.cnf.#{target_host} file to overwrite arbitrary files,
  gain access to the MySQL root password, or inject arbitrary commands.

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml