Sha256: c5e736976e666496ed3dd014a252ef77a4154a69d368d3cebf36864b00d47e16

Contents?: true

Size: 684 Bytes

Versions: 6

Compression:

Stored size: 684 Bytes

Contents

---
engine: ruby
cve: 2011-1004
osvdb: 70958
url: http://www.osvdb.org/show/osvdb/70958
title: |
  Ruby FileUtils.remove_entry_secure Method File Symlink Race Condition Arbitrary
  File Deletion
date: 2011-02-19
description: |
  Ruby contains a race condition flaw that may allow a malicious local user to
  delete arbitrary files on the system. The issue is due to the
  'FileUtils.remove_entry_secure' method creating temporary files insecurely.
  It is possible for a local attacker to use a symlink attack to cause the
  program to unexpectedly write to, or overwrite an attacker specified file.
cvss_v2: 6.3
patched_versions:
  - ~> 1.8.7.334
  - ~> 1.9.1.431
  - ">= 1.9.2.180"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/ruby/CVE-2011-1004.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/ruby/OSVDB-70958.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-70958.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/ruby/OSVDB-70958.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/ruby/OSVDB-70958.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/ruby/OSVDB-70958.yml