FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)
Low Nessus Plugin ID 14280
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
According to a Debian Security Advisory:
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore [...]) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who also has shell access to the webserver to take over a session.
Solution
Update the affected packages.