oss-sec mailing list archives

Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE


From: Josh Bressers <bressers () redhat com>
Date: Mon, 21 Feb 2011 14:52:50 -0500 (EST)



----- Original Message -----
AFAIK these two need a CVE-ID:
1)
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/

CVE-2011-1004 Ruby FileUtils.remove_entry_secure symlink attack


2)
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/


CVE-2011-1005 Ruby Exception methods can bypass $SAFE

Thanks.

-- 
    JB

