Title: Vulnerability Report for Ruby Gem ciborg-3.0.0
Author: Larry W. Cashdollar, @_larry0

Date: 06/01/2014
Download: http://rubygems.org/gems/ciborg
Gem Author: commoncode@pivotallabs.com

From: ./ciborg-3.0.0/chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb

There is a /tmp file race condition when creating /tmp/perlbrew-installer. If a malicious local user creates the file first, they can overwrite its contents with their own code, which is then executed as the ciborg process owner.

    curl -s https://raw.github.com/gugod/App-perlbrew/master/perlbrew-install -o /tmp/perlbrew-installer
    chmod +x /tmp/perlbrew-installer
    /tmp/perlbrew-installer
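
A hardened form of the three recipe lines above, written as an added example; it is not part of the original advisory or of the ciborg code base. The function names fetch and run_installer are assumptions of this example, and the download step is kept separate so it can be swapped for a pinned local copy.

```shell
#!/bin/sh
# Added example: run the perlbrew installer without touching a predictable
# path in a world-writable directory. Function names are hypothetical.

# fetch URL DEST: download step, isolated so it can be replaced.
fetch() {
    curl -fsS "$1" -o "$2"
}

# run_installer URL: download into a private directory and execute from there.
run_installer() {
    url=$1
    # mktemp -d atomically creates a NEW directory (mode 0700, random suffix)
    # and fails if the name already exists, so another local user can neither
    # pre-create the download target nor write into its parent directory.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/perlbrew.XXXXXXXXXX") || return 1
    installer="$workdir/perlbrew-installer"
    rc=0

    # Only execute if the download succeeded and produced a regular file.
    if fetch "$url" "$installer" && [ -f "$installer" ] && [ ! -L "$installer" ]; then
        chmod 700 "$installer"      # owner-only, not the recipe's chmod +x
        "$installer" || rc=$?
    else
        rc=1
    fi

    rm -rf "$workdir"               # leave nothing behind in /tmp
    return "$rc"
}

# Usage (not run here because it needs network access):
#   run_installer https://raw.github.com/gugod/App-perlbrew/master/perlbrew-install
```

Because the file never exists at /tmp/perlbrew-installer, a file planted there beforehand by another user is never written to or executed.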