CVE-2014-5003

Name of the Vulnerable Software and Affected Versions ciborg gem version 3.0.0

Description The issue concerns a /tmp file race condition in the chef/travis-cookbooks/ci environment/perlbrew/recipes/default.rb file of the ciborg gem. This allows a malicious local user to create a symlink attack on /tmp/perlbrew-installer, potentially overwriting the file's contents with their own code. This could lead to the execution of arbitrary code with the privileges of the ciborg process owner.

Recommendations For ciborg gem version 3.0.0, consider restricting access to the /tmp/perlbrew-installer file to prevent a malicious user from creating a symlink attack. As a temporary workaround, avoid using the chef/travis-cookbooks/ci environment/perlbrew/recipes/default.rb recipe until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.