Lucene search
GoogleOSV:DSA-537HistoryAug 16, 2004 - 12:00 a.m.
ruby - insecure file permissions
2004-08-1600:00:00
Google
osv.dev
4
0.0004 Low
EPSS
Percentile
5.1%
Andres Salomon noticed a problem in the CGI session management of
Ruby, an object-oriented scripting language. CGI::Session’s FileStore
(and presumably PStore, but not in Debian woody) implementations store
session information insecurely. They simply create files, ignoring
permission issues. This can lead an attacker who has also shell
access to the webserver to take over a session.
For the stable distribution (woody) this problem has been fixed in
version 1.6.7-3woody3.
For the unstable and testing distributions (sid and sarge) this
problem has been fixed in version 1.8.1+1.8.2pre1-4.
We recommend that you upgrade your libruby package.
References
Related
gentoo
gentoo
Ruby: CGI::Session creates files insecurely
2004-09-03 00:00:00
nessus
nessus
Fedora Core 2 : ruby-1.8.1-6 (2004-264)
2004-10-15 00:00:00
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
2004-09-04 00:00:00
Debian DSA-537-1 : ruby - insecure file permissions
2004-09-29 00:00:00
cvelist
cvelist
CVE-2004-0755
2004-08-19 04:00:00
securityvulns
securityvulns
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
2004-09-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 537-1 (ruby)
2008-01-17 00:00:00
FreeBSD Ports: ruby
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
2008-09-24 00:00:00
redhat
redhat
(RHSA-2004:441) ruby security update
2004-09-30 00:00:00
cve
cve
CVE-2004-0755
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0755
2004-10-20 00:00:00
freebsd
freebsd
Ruby insecure file permissions in the CGI session management
2004-08-16 00:00:00
nvd
nvd
CVE-2004-0755
2004-10-20 04:00:00
debian
debian
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49