CVE Vulnerabilities

CVE-2007-0469

Published: Jan 24, 2007 | Modified: Oct 16, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 9.3 HIGH (AV:N/AC:M/Au:N/C:C/I:C/A:C)
RedHat/V2: 5.6 LOW (AV:N/AC:H/Au:S/C:N/I:P/A:C)
RedHat/V3:
Ubuntu: UNTRIAGED

The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rubygems | Rubyforge | * | 0.9.0 (including) |
| Rubygems | Rubyforge | 0.8.11 (including) | 0.8.11 (including) |
| Libgems-ruby | Ubuntu | devel | * |
| Libgems-ruby | Ubuntu | feisty | * |
| Libgems-ruby | Ubuntu | gutsy | * |
| Libgems-ruby | Ubuntu | hardy | * |

References