Sha256: bc60943ae7cdc607544e0c1c974f32b58b117f26cb21e67d2f324e3854c4c9ac
Contents?: true
Size: 554 Bytes
Versions: 1
Compression:
Stored size: 554 Bytes
Contents
---
gem: VladTheEnterprising
cve: 2014-4996
osvdb: 108728
url: https://nvd.nist.gov/vuln/detail/CVE-2014-4996
title: VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact
date: 2014-06-30
description: |
VladTheEnterprising Gem for Ruby contains a flaw as the program creates
temporary files insecurely. It is possible for a local attacker to use
a symlink attack against the /tmp/my.cnf.#{target_host} file they can
overwrite arbitrary files, gain access to the MySQL root password,
or inject arbitrary commands.
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/VladTheEnterprising/CVE-2014-4996.yml |