Vulnerabilities > CVE-2004-0755 - Unspecified vulnerability in Yukihiro Matsumoto Ruby 1.6/1.8

047910
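CVSS 0.0 - NONE (no base score is recorded in this entry; the Red Hat and Debian plugins below set the CVSS2 vector AV:L/AC:L/Au:N/C:P/I:N/A:N for this issue)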
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Vulnerable Configurations

Part Description Count
Application
Yukihiro_Matsumoto
2

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2004-128.NASL
    description: Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CVE-2004-0755).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15650
    published: 2004-11-09
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15650
    title: Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2004:128. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It only declares the
    # plugin's metadata and then leaves through the exit(0) at the end of the
    # block, so none of the package checks further down run in this pass.
    if (description)
    {
      script_id(15650);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:47");
    
      # One advisory, two CVEs: the CGI::Session file-permission issue
      # (CVE-2004-0755) and the CGI infinite loop (CVE-2004-0983), as the
      # description text below explains.
      script_cve_id("CVE-2004-0755", "CVE-2004-0983");
      script_xref(name:"MDKSA", value:"2004:128");
    
      script_name(english:"Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Andres Salomon noticed a problem with the CGI session management in
    Ruby. The CGI:Session's FileStore implementations store session
    information in an insecure manner by just creating files and ignoring
    permission issues (CVE-2004-0755).
    
    The ruby developers have corrected a problem in the ruby CGI module
    that can be triggered remotely and cause an inifinite loop on the
    server (CVE-2004-0983).
    
    The updated packages are patched to prevent these problems."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # The vector is network-reachable with availability-only impact, which
      # matches the remotely triggered infinite loop (CVE-2004-0983) rather than
      # the local session-file disclosure (CVE-2004-0755).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
    
      # "local" plugin: the verdict comes from package data gathered on the host
      # (see the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-tk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # ssh_get_info.nasl must run first; it is presumably what fills the
      # Host/* KB entries required here -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
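    # Gate checks: bail out with an audit reason unless local checks are enabled,
    # the host was identified as Mandrake/Mandriva, and an RPM list was collected.
    # The OS name in the second audit message is spelled "Mandrake" (it was
    # misspelled "Mandake"), so it now matches the architecture audit below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64, i386-i686 and x86_64 hosts are evaluated; any other CPU string
    # is audited as "not implemented" instead of being reported clean.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check() per package and release, each naming the fixed build from
    # MDKSA-2004:128. Every true result increments `flag`.
    # NOTE(review): presumably rpm_check() is true when the installed build is
    # older than `reference`; confirm in rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK10.0", reference:"ruby-1.8.1-1.2.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"ruby-devel-1.8.1-1.2.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"ruby-doc-1.8.1-1.2.100mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.0", reference:"ruby-tk-1.8.1-1.2.100mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.1", reference:"ruby-1.8.1-4.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"ruby-devel-1.8.1-4.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"ruby-doc-1.8.1-4.2.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"ruby-tk-1.8.1-4.2.101mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK9.2", reference:"ruby-1.8.0-4.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"ruby-devel-1.8.0-4.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"ruby-doc-1.8.0-4.2.92mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK9.2", reference:"ruby-tk-1.8.0-4.2.92mdk", yank:"mdk")) flag++;
    
    
    # Any hit is reported at warning level on port 0; the per-package detail from
    # rpm_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");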
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2004-441.NASL
    description: An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0755 to this issue. Users are advised to upgrade to this erratum package, which contains a backported patch to CGI::Session FileStore.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15412
    published: 2004-10-02
    reporter: This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/15412
    title: RHEL 2.1 / 3 : ruby (RHSA-2004:441)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2004:441. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It declares the
    # plugin's metadata for RHSA-2004:441 and leaves through exit(0) at the end,
    # so the package checks further down do not run in this pass.
    if (description)
    {
      script_id(15412);
      script_version ("1.26");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      script_cve_id("CVE-2004-0755");
      script_xref(name:"RHSA", value:"2004:441");
    
      script_name(english:"RHEL 2.1 / 3 : ruby (RHSA-2004:441)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated ruby package that fixes insecure file permissions for CGI
    session files is now available.
    
    Ruby is an interpreted scripting language for object-oriented
    programming.
    
    Andres Salomon reported an insecure file permissions flaw in the CGI
    session management of Ruby. FileStore created world readable files
    that could allow a malicious local user the ability to read CGI
    session data. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.
    
    Users are advised to upgrade to this erratum package, which contains a
    backported patch to CGI::Session FileStore."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2004:441"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Local access, low complexity, partial confidentiality impact only: this
      # mirrors the description, where a local user reads world-readable
      # session files.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      # "local" plugin: the verdict comes from package data gathered on the host
      # (see the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-mode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      # As recorded here, the patch date (2004/09/30) precedes the vulnerability
      # publication date (2004/10/20).
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/09/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # ssh_get_info.nasl must run first; it is presumably what fills the
      # Host/* KB entries required here -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Gate checks: local checks must be enabled and the release string must
    # contain "Red Hat" (">!<" is the "is not a substring of" test).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Pull "major" or "major.minor" out of the release banner, then accept only
    # 2.1 or 3 (optionally followed by a non-digit), the releases RHSA-2004:441 covers.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Supported CPU strings: anything containing x86_64 or s390, or exactly
    # i386-i686. Other architectures are audited as "not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evidence sources. If yum updateinfo data is in the KB, the verdict is
    # taken from it for this advisory id and the rpm_check() list is skipped
    # entirely; otherwise fall back to comparing installed RPM versions.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2004:441";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # An empty yum report is audited as "not affected by this advisory".
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fixed builds per release. The RHEL2.1 checks are restricted to cpu
      # i386; the RHEL3 checks cover ruby, ruby-devel, ruby-libs and ruby-mode.
      # NOTE(review): presumably rpm_check() is true when the installed build
      # is older than `reference`; confirm in rpm.inc.
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"irb-1.6.4-2.AS21.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ruby-1.6.4-2.AS21.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ruby-devel-1.6.4-2.AS21.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ruby-docs-1.6.4-2.AS21.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ruby-libs-1.6.4-2.AS21.0")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"ruby-tcltk-1.6.4-2.AS21.0")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"ruby-1.6.8-9.EL3.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ruby-devel-1.6.8-9.EL3.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ruby-libs-1.6.8-9.EL3.2")) flag++;
      if (rpm_check(release:"RHEL3", reference:"ruby-mode-1.6.8-9.EL3.2")) flag++;
    
      if (flag)
      {
        # Reported at SECURITY_NOTE severity, with the package detail followed
        # by the text from redhat_report_package_caveat().
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Distinguish "packages were tested and are fine" from "none of the
        # packages is installed" in the audit trail.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc");
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-537.NASL
    description: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15374
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15374
    title: Debian DSA-537-1 : ruby - insecure file permissions
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-537. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when `description` is set. It declares the
    # plugin's metadata for DSA-537 and leaves through exit(0) at the end, so
    # the package checks further down do not run in this pass.
    if (description)
    {
      script_id(15374);
      script_version("1.22");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0755");
      script_xref(name:"DSA", value:"537");
    
      script_name(english:"Debian DSA-537-1 : ruby - insecure file permissions");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Andres Salomon noticed a problem in the CGI session management of
    Ruby, an object-oriented scripting language. CGI::Session's FileStore
    (and presumably PStore, but not in Debian woody) implementations store
    session information insecurely. They simply create files, ignoring
    permission issues. This can lead an attacker who has also shell access
    to the webserver to take over a session."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2004/dsa-537"
      );
      # The solution text names fixed versions for woody and for sid/sarge;
      # the check body of this plugin only tests release 3.0 (woody).
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the libruby package.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.6.7-3woody3.
    
    For the unstable and testing distributions (sid and sarge) this
    problem has been fixed in version 1.8.1+1.8.2pre1-4."
      );
      # Local access, low complexity, partial confidentiality impact only: this
      # mirrors the description, where an attacker with shell access reads
      # another user's session data.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      # "local" plugin: the verdict comes from package data gathered on the host
      # (see the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # ssh_get_info.nasl must run first; it is presumably what fills the
      # Host/* KB entries required here -- confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Gate checks: bail out with an audit reason unless local checks are enabled,
    # the host was identified as Debian, and dpkg output was collected.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Every binary package listed here is compared against the same fixed
    # version, 1.6.7-3woody3, for release 3.0 only. Each true result increments
    # `flag`. No architecture gate is applied in this plugin.
    # NOTE(review): presumably deb_check() is true when the installed version is
    # older than `reference`; confirm in debian_package.inc.
    flag = 0;
    if (deb_check(release:"3.0", prefix:"irb", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libcurses-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libdbm-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libgdbm-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libnkf-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libpty-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libreadline-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libsdbm-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libsyslog-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libtcltk-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"libtk-ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"ruby", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"ruby-dev", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"ruby-elisp", reference:"1.6.7-3woody3")) flag++;
    if (deb_check(release:"3.0", prefix:"ruby-examples", reference:"1.6.7-3woody3")) flag++;
    
    # Any hit is reported at note level on port 0; the per-package detail from
    # deb_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-264.NASL
    description: - Thu Aug 19 2004 Akira TAGOH <tagoh at redhat.com> 1.8.1-6 - security fix [CVE-2004-0755] - ruby-1.8.1-cgi_session_perms.patch: sets the permission of the session data file to 0600. (#130063) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15474
    published: 2004-10-15
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15474
    title: Fedora Core 2 : ruby-1.8.1-6 (2004-264)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-264.
    #
    
    include("compat.inc");
    
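    # Registration branch: taken when `description` is set. It declares the
    # plugin's metadata for Fedora advisory 2004-264 and leaves through exit(0)
    # at the end, so the package checks further down do not run in this pass.
    if (description)
    {
      script_id(15474);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # The advisory text below names CVE-2004-0755 as the issue being fixed.
      # Register it so the plugin can be found and correlated by CVE id, not
      # only by the Fedora advisory number.
      script_cve_id("CVE-2004-0755");
      script_xref(name:"FEDORA", value:"2004-264");
    
      script_name(english:"Fedora Core 2 : ruby-1.8.1-6 (2004-264)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Aug 19 2004 Akira TAGOH <tagoh at redhat.com>
        1.8.1-6
    
      - security fix [CVE-2004-0755]
    
        - ruby-1.8.1-cgi_session_perms.patch: sets the
          permission of the session data file to 0600. (#130063)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-October/000334.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f97b0891"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # No CVSS vector is set here; the plugin carries a fixed "High" rating.
      # NOTE(review): the fix described above only tightens the session file
      # mode to 0600 -- confirm that "High" is the intended rating.
      script_set_attribute(attribute:"risk_factor", value:"High");
    
      # "local" plugin: the verdict comes from package data gathered on the host
      # (see the required KB keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-mode");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-tcltk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Fedora release and RPM data are read from the Host/RedHat/* KB entries.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }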
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Gate checks: local checks must be enabled and the release string (read
    # from the Host/RedHat/release KB entry) must contain "Fedora".
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Extract the major release number and accept only 2 (optionally followed
    # by a non-digit), i.e. Fedora Core 2.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Host/cpu is not among this plugin's script_require_keys, so a missing
    # value is handled here. Only x86_64 and i386-i686 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # All FC2 packages are compared against the same fixed build, 1.8.1-6.
    # Each true result increments `flag`.
    # NOTE(review): presumably rpm_check() is true when the installed build is
    # older than `reference`; confirm in rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC2", reference:"irb-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-debuginfo-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-devel-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-docs-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-libs-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-mode-1.8.1-6")) flag++;
    if (rpm_check(release:"FC2", reference:"ruby-tcltk-1.8.1-6")) flag++;
    
    
    # Any hit is reported through security_hole() on port 0, with package
    # detail only when report_verbosity is above 0.
    # NOTE(review): the advisory describes a session-file permission fix;
    # confirm that hole-level reporting is intended.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "packages were tested and are fine" from "none of the
      # packages is installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-libs / etc");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200409-08.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200409-08 (Ruby: CGI::Session creates files insecurely). The CGI::Session::FileStore implementation (and presumably CGI::Session::PStore), which allows data associated with a particular Session instance to be written to a file, writes to a file in /tmp with no regard for secure permissions. As a result, the file is left with whatever permissions the default umask yields, which commonly would allow other local users to read the data from that session file. Impact: Depending on the default umask, any data stored using these methods could be read by other users on the system. Workaround: By changing the default umask on the system to not permit read access to other users (e.g. 0700), one can prevent these files from being readable by other users. [Editor's note: a umask lists the permission bits to remove, so the mask that denies group and other access is 077; 0700 is the resulting directory mode, and used as a mask it would strip the owner's bits instead.]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14662
    published: 2004-09-04
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14662
    title: GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2004-403.NASL
    description: - Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-7.FC3.1 - security fix [CVE-2004-0983] - security fix [CVE-2004-0755] - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. (#138366) - ruby-1.8.1-cgi_session_perms.patch: sets the permission of the session data file to 0600. (#130063) - Sat Oct 30 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-7.fc3 - added openssl-devel and db4-devel into BuildRequires. (#137479) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15731
    published: 2004-11-17
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15731
    title: Fedora Core 3 : ruby-1.8.1-7.FC3.1 (2004-403)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_RUBY_181.NASL
    description: According to a Debian Security Advisory: Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session … [description truncated in source]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14280
    published: 2004-08-17
    reporter: This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/14280
    title: FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)

Oval

accepted: 2013-04-29T04:11:42.580-04:00
class: vulnerability
contributors:
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions:
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
description: The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
family: unix
id: oval:org.mitre.oval:def:11128
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
version: 26

Redhat

rpms
  • irb-0:1.6.8-9.EL3.2
  • ruby-0:1.6.8-9.EL3.2
  • ruby-debuginfo-0:1.6.8-9.EL3.2
  • ruby-devel-0:1.6.8-9.EL3.2
  • ruby-docs-0:1.6.8-9.EL3.2
  • ruby-libs-0:1.6.8-9.EL3.2
  • ruby-mode-0:1.6.8-9.EL3.2
  • ruby-tcltk-0:1.6.8-9.EL3.2