Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Debian Local Security Checks --> Category: infos

[DSA537] DSA-537-1 ruby Vulnerability Scan

Vulnerability Scan Summary
DSA-537-1 ruby

Detailed Explanation for this Vulnerability Test

Andres Salomon noticed a problem in the CGI session management of
Ruby, an object-oriented scripting language. CGI::Session's FileStore
(and presumably PStore, but not in Debian woody) implementations store
session information insecurely. They simply create files, ignoring
permission issues. This can lead a possible hacker who has also shell
access to the webserver to take over a session.
For the stable distribution (woody) this problem has been fixed in
version 1.6.7-3woody3.
For the unstable and testing distributions (sid and sarge) this
problem has been fixed in version 1.8.1+1.8.2pre1-4.
We recommend that you upgrade your libruby package.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.