• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Yukihiro Matsumoto Ruby CGI Session Management Insecure File Permissions Vulnerability

Solution:
The current 1.6 version of Ruby and versions 1.8.1 and 1.8.2 pre1 and 1.8.2 pre2 are not affected by this issue. This information is not confirmed at the moment.

Red Hat has released an advisory (FEDORA-2004-264) to address this issue in Fedora Core 2. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:441-18 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers that are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Debian has released an advisory to address this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200409-08) and an updated eBuild to address this issue. Please see the referenced advisory to more information. Gentoo users can carry out the following commands to update their computers:

emerge sync
emerge -pv ">=dev-lang/ruby-your_version"
emerge ">=dev-lang/ruby-your_version"

Mandrake has released advisory MDKSA-2004:128 along with fixes to address this issue. Please see the referenced advisory for further information.

RedHat Fedora Linux has released advisory FEDORA-2004-403 along with fixes for their Fedora Core 3 product. Please see the referenced advisory for more information.

Turbolinux has released advisory Turbolinux Security Announcement 31/Jan/2005 to address various issues. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA:152768 to address this issue in RedHat Linux 7.3, 9, and Fedora Core 1. Please see the referenced advisory for further information.


Yukihiro Matsumoto Ruby 1.6

• RedHat irb-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/irb-1.6.7-5.l egacy.i386.rpm


• RedHat irb-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/irb-1.6.8-6.2.l egacy.i386.rpm


• RedHat ruby-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-1.6.7-5. legacy.i386.rpm


• RedHat ruby-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-1.6.8-6.2. legacy.i386.rpm


• RedHat ruby-devel-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-devel-1. 6.7-5.legacy.i386.rpm


• RedHat ruby-devel-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-devel-1.6. 8-6.2.legacy.i386.rpm


• RedHat ruby-docs-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-docs-1.6 .7-5.legacy.i386.rpm


• RedHat ruby-docs-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-docs-1.6.8 -6.2.legacy.i386.rpm


• RedHat ruby-libs-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-libs-1.6 .7-5.legacy.i386.rpm


• RedHat ruby-libs-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-libs-1.6.8 -6.2.legacy.i386.rpm


• RedHat ruby-mode-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-1.6 .7-5.legacy.i386.rpm


• RedHat ruby-mode-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-mode-1.6.8 -6.2.legacy.i386.rpm


• RedHat ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-xem acs-1.6.7-5.legacy.i386.rpm


• RedHat ruby-tcltk-1.6.7-5.legacy.i386.rpm
  RedHat Linux 7.3
  http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-tcltk-1. 6.7-5.legacy.i386.rpm


• RedHat ruby-tcltk-1.6.8-6.2.legacy.i386.rpm
  RedHat Linux 9.0
  http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-tcltk-1.6. 8-6.2.legacy.i386.rpm

Yukihiro Matsumoto Ruby 1.8

• Fedora irb-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora irb-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-debuginfo-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-debuginfo-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-devel-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-devel-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-docs-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-docs-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-libs-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-libs-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-mode-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-mode-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-tcltk-1.8.1-6.i386.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Fedora ruby-tcltk-1.8.1-6.x86_64.rpm
  RedHat Fedora Core 2
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/


• Mandrake ruby-1.8.0-4.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-1.8.0-4.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-devel-1.8.0-4.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-devel-1.8.0-4.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-doc-1.8.0-4.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-doc-1.8.0-4.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-tk-1.8.0-4.2.92mdk.amd64.rpm
  Mandrake Linux 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake ruby-tk-1.8.0-4.2.92mdk.i586.rpm
  Mandrake Linux 9.2
  http://www.mandrakesecure.net/en/ftp.php


• RedHat irb-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/irb-1.8.0-5.leg acy.i386.rpm


• RedHat ruby-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-1.8.0-5.le gacy.i386.rpm


• RedHat ruby-devel-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-devel-1.8. 0-5.legacy.i386.rpm


• RedHat ruby-docs-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-docs-1.8.0 -5.legacy.i386.rpm


• RedHat ruby-libs-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-libs-1.8.0 -5.legacy.i386.rpm


• RedHat ruby-mode-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-mode-1.8.0 -5.legacy.i386.rpm


• RedHat ruby-tcltk-1.8.0-5.legacy.i386.rpm
  RedHat Fedora Core 1
  http://download.fedoralegacy.org/fedora/1/updates/i386/ruby-tcltk-1.8. 0-5.legacy.i386.rpm

Turbolinux Turbolinux Desktop 10.0

• TurboLinux ruby-1.6.8-2.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/ruby-1.6.8-2.i586.rpm

Turbolinux Turbolinux Server 10.0

• TurboLinux ruby-1.8.1-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/ruby-1.8.1-4.i586.rpm

Turbolinux Turbolinux Server 7.0

• TurboLinux ruby-1.6.4-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/ruby-1.6.4-4.i586.rpm

Turbolinux Turbolinux Workstation 7.0

• TurboLinux ruby-1.6.4-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/ruby-1.6.4-4.i586.rpm

Turbolinux Turbolinux Workstation 8.0

• TurboLinux ruby-1.6.4-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/ruby-1.6.4-4.i586.rpm

Turbolinux Turbolinux Server 8.0

• TurboLinux ruby-1.6.4-4.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/ruby-1.6.4-4.i586.rpm