RHEL 2.1 / 3 : ruby (RHSA-2004:441)
Low Nessus Plugin ID 15412
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn updated ruby package that fixes insecure file permissions for CGI session files is now available.
Ruby is an interpreted scripting language for object-oriented programming.
Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.
Users are advised to upgrade to this erratum package, which contains a backported patch to CGI::Session FileStore.
SolutionUpdate the affected packages.