RHEL 2.1 / 3 : ruby (RHSA-2004:441)

Low Nessus Plugin ID 15412


The remote Red Hat host is missing one or more security updates.


An updated ruby package that fixes insecure file permissions for CGI session files is now available.

Ruby is an interpreted scripting language for object-oriented programming.

Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world-readable files, which could allow a malicious local user to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains a backported patch to CGI::Session FileStore.


Update the affected packages.



Plugin Details

Severity: Low

ID: 15412

File Name: redhat-RHSA-2004-441.nasl

Version: $Revision: 1.20 $

Type: local

Agent: unix

Published: 2004/10/02

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:irb, p-cpe:/a:redhat:enterprise_linux:ruby, p-cpe:/a:redhat:enterprise_linux:ruby-devel, p-cpe:/a:redhat:enterprise_linux:ruby-docs, p-cpe:/a:redhat:enterprise_linux:ruby-libs, p-cpe:/a:redhat:enterprise_linux:ruby-mode, p-cpe:/a:redhat:enterprise_linux:ruby-tcltk, cpe:/o:redhat:enterprise_linux:2.1, cpe:/o:redhat:enterprise_linux:3

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2004/09/30

Vulnerability Publication Date: 2004/08/16

Reference Information

CVE: CVE-2004-0755

OSVDB: 8845

RHSA: 2004:441