Lucene search

[email protected]CVE-2007-0469

HistoryJan 24, 2007 - 1:28 a.m.

CVE-2007-0469

2007-01-2401:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0469

rubygems

installer.rb

file overwrite

denial of service

arbitrary code execution

security vulnerability

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.5%

JSON

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

Affected configurations

NVD

Node

rubyforgerubygemsRange≤0.9.0

rubyforgerubygemsMatch0.8.11

CPENameOperatorVersion
rubyforge:rubygemsrubyforge rubygemsle0.9.0
rubyforge:rubygemsrubyforge rubygemseq0.8.11

CPE	Name	Operator	Version
rubyforge:rubygems	rubyforge rubygems	le	0.9.0
rubyforge:rubygems	rubyforge rubygems	eq	0.8.11

References

marc.info/?l=full-disclosure&m=116939816621060&w=2

rubyforge.org/frs/shownotes.php?release_id=9074

www.novell.com/linux/security/advisories/2007_4_sr.html

www.securityfocus.com/archive/1/458128/100/0/threaded

www.vupen.com/english/advisories/2007/0295

exchange.xforce.ibmcloud.com/vulnerabilities/31688

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2007-0469

osv1 ubuntucve1 nessus1 cvelist1 prion1 nvd1 github1 rubygems1 securityvulns1