Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GSD-2014-4995
Vulnerability from gsd - Updated: 2014-06-30 00:00Details
VladTheEnterprising Gem for Ruby contains a flaw as the program creates
temporary files insecurely. It is possible for a local attacker to use
a symlink attack against the /tmp/my.cnf.#{target_host} file they can
overwrite arbitrary files, gain access to the MySQL root password,
or inject arbitrary commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-4995",
"description": "Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.",
"id": "GSD-2014-4995"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "VladTheEnterprising",
"purl": "pkg:gem/VladTheEnterprising"
}
}
],
"aliases": [
"CVE-2014-4995",
"OSVDB-108728"
],
"details": "VladTheEnterprising Gem for Ruby contains a flaw as the program creates\ntemporary files insecurely. It is possible for a local attacker to use\na symlink attack against the /tmp/my.cnf.#{target_host} file they can\noverwrite arbitrary files, gain access to the MySQL root password,\nor inject arbitrary commands.\n",
"id": "GSD-2014-4995",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4995"
}
],
"schema_version": "1.4.0",
"summary": "VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "vladtheenterprising-info-disc(94745)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94745"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/14"
},
{
"name": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html"
},
{
"name": "68729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68729"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-4995",
"date": "2014-06-30",
"description": "VladTheEnterprising Gem for Ruby contains a flaw as the program creates\ntemporary files insecurely. It is possible for a local attacker to use\na symlink attack against the /tmp/my.cnf.#{target_host} file they can\noverwrite arbitrary files, gain access to the MySQL root password,\nor inject arbitrary commands.\n",
"gem": "VladTheEnterprising",
"osvdb": 108728,
"title": "VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4995"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.2",
"affected_versions": "Version 0.2",
"credit": "Larry W. Cashdollar, @_larry0",
"cvss_v2": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-200",
"CWE-362",
"CWE-937"
],
"date": "2018-01-30",
"description": "VladTheEnterprising Gem for Ruby contains a flaw as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /tmp/my.cnf.#{target_host} file they can overwrite arbitrary files, gain access to the MySQL root password, or inject arbitrary commands.",
"fixed_versions": [],
"identifier": "CVE-2014-4995",
"identifiers": [
"CVE-2014-4995"
],
"package_slug": "gem/VladTheEnterprising",
"pubdate": "2018-01-10",
"solution": "There is no solution for this vulnerability at the moment.",
"title": "Command injection vulnerability",
"urls": [
"http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html"
],
"uuid": "7976458d-7d32-4878-875b-a8370e78d83f"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vladtheenterprising_project:vladtheenterprising:0.2.0:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4995"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vladtheenterprising-info-disc(94745)",
"refsource": "XF",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94745"
},
{
"name": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html"
},
{
"name": "68729",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68729"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/14"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
},
"lastModifiedDate": "2018-01-30T16:03Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}
GSD-2014-4996
Vulnerability from gsd - Updated: 2014-06-30 00:00Details
VladTheEnterprising Gem for Ruby contains a flaw as the program creates
temporary files insecurely. It is possible for a local attacker to use
a symlink attack against the /tmp/my.cnf.#{target_host} file they can
overwrite arbitrary files, gain access to the MySQL root password,
or inject arbitrary commands.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-4996",
"description": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.",
"id": "GSD-2014-4996"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "VladTheEnterprising",
"purl": "pkg:gem/VladTheEnterprising"
}
}
],
"aliases": [
"CVE-2014-4996",
"OSVDB-108728"
],
"details": "VladTheEnterprising Gem for Ruby contains a flaw as the program creates\ntemporary files insecurely. It is possible for a local attacker to use\na symlink attack against the /tmp/my.cnf.#{target_host} file they can\noverwrite arbitrary files, gain access to the MySQL root password,\nor inject arbitrary commands.\n",
"id": "GSD-2014-4996",
"modified": "2014-06-30T00:00:00.000Z",
"published": "2014-06-30T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4996"
}
],
"schema_version": "1.4.0",
"summary": "VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "68731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68731"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "vladtheenterprising-cve20144996-sec-bypass(94744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/14"
},
{
"name": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2014-4996",
"date": "2014-06-30",
"description": "VladTheEnterprising Gem for Ruby contains a flaw as the program creates\ntemporary files insecurely. It is possible for a local attacker to use\na symlink attack against the /tmp/my.cnf.#{target_host} file they can\noverwrite arbitrary files, gain access to the MySQL root password,\nor inject arbitrary commands.\n",
"gem": "VladTheEnterprising",
"osvdb": 108728,
"title": "VladTheEnterprising Gem for Ruby /tmp/my.cnf.#{target_host} Symlink Multiple Impact",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4996"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.2.0",
"affected_versions": "Version 0.2.0",
"cvss_v2": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-59",
"CWE-937"
],
"date": "2018-01-30",
"description": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.",
"fixed_versions": [],
"identifier": "CVE-2014-4996",
"identifiers": [
"CVE-2014-4996"
],
"not_impacted": "",
"package_slug": "gem/VladTheEnterprising",
"pubdate": "2018-01-10",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-4996",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94744",
"http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html",
"http://www.securityfocus.com/bid/68731",
"http://www.openwall.com/lists/oss-security/2014/07/17/5",
"http://www.openwall.com/lists/oss-security/2014/07/07/14"
],
"uuid": "544049e5-25e3-49fe-9882-fe65a6266178"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vladtheenterprising_project:vladtheenterprising:0.2.0:*:*:*:*:ruby:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4996"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vladtheenterprising-cve20144996-sec-bypass(94744)",
"refsource": "XF",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94744"
},
{
"name": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vapid.dhs.org/advisories/VladTheEnterprising-0.2.html"
},
{
"name": "68731",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/68731"
},
{
"name": "[oss-security] 20140717 Re: Vulnerability Report for Ruby Gem codders-dataset-1.3.2.1 (etc.)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/17/5"
},
{
"name": "[oss-security] 20140707 Vulnerability Report for Ruby Gem VladTheEnterprising-0.2",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/07/14"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-01-30T15:52Z",
"publishedDate": "2018-01-10T18:29Z"
}
}
}