Lucene search
RedHatRHSA-2004:441HistorySep 30, 2004 - 12:00 a.m.
(RHSA-2004:441) ruby security update
2004-09-3000:00:00
access.redhat.com
8
0.0004 Low
EPSS
Percentile
5.1%
Ruby is an interpreted scripting language for object-oriented programming.
Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0755 to this issue.
Users are advised to upgrade to this erratum package, which contains a
backported patch to CGI::Session FileStore.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | s390 | ruby | < 1.6.8-9.EL3.2 | ruby-1.6.8-9.EL3.2.s390.rpm |
| RedHat | any | x86_64 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.x86_64.rpm |
| RedHat | any | i386 | ruby-devel | < 1.6.4-2.AS21.0 | ruby-devel-1.6.4-2.AS21.0.i386.rpm |
| RedHat | any | s390x | ruby-devel | < 1.6.8-9.EL3.2 | ruby-devel-1.6.8-9.EL3.2.s390x.rpm |
| RedHat | any | s390 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.s390.rpm |
| RedHat | any | i386 | irb | < 1.6.4-2.AS21.0 | irb-1.6.4-2.AS21.0.i386.rpm |
| RedHat | any | s390x | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.s390x.rpm |
| RedHat | any | ia64 | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.ia64.rpm |
| RedHat | any | ppc | ruby-mode | < 1.6.8-9.EL3.2 | ruby-mode-1.6.8-9.EL3.2.ppc.rpm |
| RedHat | any | s390x | ruby | < 1.6.8-9.EL3.2 | ruby-1.6.8-9.EL3.2.s390x.rpm |
Related
securityvulns
securityvulns
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
2004-09-06 00:00:00
nessus
nessus
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
2004-09-04 00:00:00
Fedora Core 2 : ruby-1.8.1-6 (2004-264)
2004-10-15 00:00:00
Debian DSA-537-1 : ruby - insecure file permissions
2004-09-29 00:00:00
openvas
openvas
Debian Security Advisory DSA 537-1 (ruby)
2008-01-17 00:00:00
FreeBSD Ports: ruby
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
2008-09-24 00:00:00
gentoo
gentoo
Ruby: CGI::Session creates files insecurely
2004-09-03 00:00:00
osv
osv
ruby - insecure file permissions
2004-08-16 00:00:00
cvelist
cvelist
CVE-2004-0755
2004-08-19 04:00:00
cve
cve
CVE-2004-0755
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0755
2004-10-20 00:00:00
freebsd
freebsd
Ruby insecure file permissions in the CGI session management
2004-08-16 00:00:00
nvd
nvd
CVE-2004-0755
2004-10-20 04:00:00
debian
debian
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49