|
Family: Red Hat Local Security Checks --> Category: infos
RHSA-2004-441: irb Vulnerability Scan
Vulnerability Scan Summary Check for the version of the irb packages
Detailed Explanation for this Vulnerability Test
An updated ruby package that fixes insecure file permissions for CGI
session
files is now available.
Ruby is an interpreted scripting language for object-oriented programming.
Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0755 to this issue.
Users are advised to upgrade to this erratum package, which contains a
backported patch to CGI::Session FileStore.
Solution : http://rhn.redhat.com/errata/RHSA-2004-441.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|