There is not real information about what problem CVE-2014-2734 is actually supposed to identify.  The information that was posted to the Full Disclosure mailing list is vague, and the PoC code is obfuscated.

There were some attempts to de-obfuscate the PoC, see this Ycombinator discussion:
https://news.ycombinator.com/item?id=7601973

Adrien Thebo reduced the PoC to:

  #!/usr/bin/env ruby

  require 'openssl'

  key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = OpenSSL::X509::Certificate.new(File.read("ca.pem"))

  puts "before we sign the cert: #{ca_cert.verify(key)}"
  ca_cert.sign(key, OpenSSL::Digest::SHA1.new)
  puts "after we sign the cert: #{ca_cert.verify(key)}"

This version, along with full history of changes from the original PoC, can be found in his github repository:
https://github.com/adrienthebo/cve-2014-2734/
https://github.com/adrienthebo/cve-2014-2734/commits/

The above script does the following:
- generates new RSA key
- loads existing (CA) certificate from file
- checks that the certificate was not signed by the new key
- re-signs the certificate with the new key
- verifies that the certificate is now signed by the new key

Reporting 'true' at the end is intended behavior and not a bug nor security issue.  File system operations, as mentioned in the CVE description and initial report, do not make a difference.

Note that Ruby openssl module is currently rather under-documented.  OpenSSL::X509::Certificate's sign method does not have any documentation other than the example on how to create certificates.
http://www.ruby-doc.org/stdlib-2.1.1/libdoc/openssl/rdoc/OpenSSL/X509/Certificate.html

Unless there's further clarification posted by the reporter, it seems this CVE should be considered invalid.

Ruby upstream has also disputed this CVE.

External References:

https://www.ruby-lang.org/en/news/2014/05/09/dispute-of-vulnerability-cve-2014-2734/