Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2004-441: irb Vulnerability Scan


Vulnerability Scan Summary
Check for the version of the irb packages

Detailed Explanation for this Vulnerability Test


An updated ruby package that fixes insecure file permissions for CGI
session
files is now available.

Ruby is an interpreted scripting language for object-oriented programming.

Andres Salomon reported an insecure file permissions flaw in the CGI
session management of Ruby. FileStore created world readable files that
could allow a malicious local user the ability to read CGI session data.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains a
backported patch to CGI::Session FileStore.




Solution : http://rhn.redhat.com/errata/RHSA-2004-441.html
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.