Family: Debian Local Security Checks --> Category: infos
[DSA537] DSA-537-1 ruby Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Andres Salomon noticed a problem in the CGI session management of
Ruby, an object-oriented scripting language. CGI::Session's FileStore
(and presumably PStore, but not in Debian woody) implementations store
session information insecurely. They simply create files, ignoring
permission issues. This can allow an attacker who also has shell
access to the webserver to take over a session.
For the stable distribution (woody) this problem has been fixed in
For the unstable and testing distributions (sid and sarge) this
problem has been fixed in version 1.8.1+1.8.2pre1-4.
We recommend that you upgrade your libruby package.
Solution : http://www.debian.org/security/2004/dsa-537
Threat Level: High