Debian DSA-537-1 : ruby - insecure file permissions
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This c...
CVE-2004-0755
The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...