Ruby 'FileUtils.remove_entry_secure()' Method Race Condition Vulnerability

Bugtraq ID: 46460
Class: Race Condition Error
CVE: CVE-2011-1004
Remote: No
Local: Yes
Published: Feb 21 2011 12:00AM
Updated: Dec 16 2014 12:54AM
Credit: The vendor reported this issue.
Vulnerable: Yukihiro Matsumoto Ruby 1.9.3 dev
Yukihiro Matsumoto Ruby 1.9.2 P136
Yukihiro Matsumoto Ruby 1.9.2 P0
Yukihiro Matsumoto Ruby 1.9.1 -p429
Yukihiro Matsumoto Ruby 1.9.1 -p376
Yukihiro Matsumoto Ruby 1.9.1
Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.9.1-p430
Yukihiro Matsumoto Ruby 1.9.1-p378
Yukihiro Matsumoto Ruby 1.8.7-p330
Yukihiro Matsumoto Ruby 1.8.7-p302
Yukihiro Matsumoto Ruby 1.8.7-p299
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p420
Yukihiro Matsumoto Ruby 1.8.6-p399
Yukihiro Matsumoto Ruby 1.8.6-p388
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4.8.z
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server EUS 6.1.z
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Long Life 5.6 server
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux EUS 5.6.z server
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4.8.z
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Red Hat Desktop Workstation 5
Pardus Linux 2009 0
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
Gentoo Linux
Avaya Aura System Manager 6.2
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac Os X Server 10.7.3
Apple Mac Os X Server 10.7.2
Apple Mac Os X Server 10.7.1
Apple Mac Os X Server 10.7
Apple Mac Os X Server 10.6.8
Apple Mac Os X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac Os X 10.7.3
Apple Mac Os X 10.7.2
Apple Mac Os X 10.7.1
Apple Mac OS X 10.6
Not Vulnerable: Yukihiro Matsumoto Ruby 1.9.2 P180
Yukihiro Matsumoto Ruby 1.9.1 P431
Yukihiro Matsumoto Ruby 1.8.7-p334
Apple Mac Os X Server 10.7.4
Apple Mac Os X 10.7.4


 

Privacy Statement
Copyright 2010, SecurityFocus