Summary
This host is installed with Ruby and is prone to a race condition vulnerability.
Impact
Successful exploitation allows a local attacker to delete arbitrary files and directories that the Ruby process is permitted to remove, resulting in data loss or a denial-of-service condition.
Impact Level: Application.
Solution
Upgrade to Ruby version 1.8.7 patchlevel 334, 1.9.1 patchlevel 431, 1.9.2 patchlevel 180 or later. For updates refer to http://rubyforge.org/frs/?group_id=167
Insight
The flaw is due to a race condition (time-of-check to time-of-use) within the 'FileUtils.remove_entry_secure' method, which is intended to safely remove a directory tree located in a world-writable directory such as /tmp. A local attacker who can replace an entry in that tree with a symbolic link between the method's check and the actual removal can cause files and directories outside the target tree to be deleted.
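The following is an added example, not code from the advisory or from Ruby's own FileUtils implementation. It reproduces the symlink attack class described above against a deliberately naive recursive delete and then shows a walk based on File.lstat that refuses to cross a symbolic link. Everything happens inside a constructed temporary directory; the "victim" directory stands in for a location outside the tree the program meant to clean up.

```ruby
# Added example (not part of the advisory or Ruby's FileUtils): symlink swap
# against a naive recursive delete, and a lstat-based walk that resists it.
require "tmpdir"
require "fileutils"

# Naive recursive delete. File.directory? follows symlinks, so an entry that
# has been swapped for a symlink to another directory is descended into and
# the *target's* contents are unlinked.
def naive_remove_tree(path)
  if File.directory?(path)
    Dir.children(path).each { |e| naive_remove_tree(File.join(path, e)) }
    begin
      Dir.rmdir(path)
    rescue Errno::ENOTDIR
      File.unlink(path) # path was a symlink, not a real directory
    end
  else
    File.unlink(path)
  end
end

# Hardened walk: lstat does not follow symlinks, so a link is removed as a link
# and never descended into. Note the check-then-act window between lstat and
# the recursion still exists; the upstream fix for CVE-2011-1004 had to go
# further than this to close the race completely.
def safe_remove_tree(path)
  st = File.lstat(path)
  if st.symlink?
    File.unlink(path)
  elsif st.directory?
    Dir.children(path).each { |e| safe_remove_tree(File.join(path, e)) }
    Dir.rmdir(path)
  else
    File.unlink(path)
  end
end

# Builds a constructed scenario: a "scratch" tree the program intends to delete
# and a "victim" directory it must not touch. Simulates the attacker's move by
# replacing scratch/sub with a symlink to the victim directory before the
# remover runs. Returns true if the victim file survives.
def demo_symlink_swap(remover)
  Dir.mktmpdir("cve-2011-1004-demo") do |root|
    victim_dir  = File.join(root, "victim")
    victim_file = File.join(victim_dir, "secret.txt")
    FileUtils.mkdir_p(victim_dir)
    File.write(victim_file, "keep me")

    scratch = File.join(root, "scratch")
    FileUtils.mkdir_p(File.join(scratch, "sub"))
    File.write(File.join(scratch, "sub", "junk"), "x")

    # Simulated race: the attacker swaps the subdirectory for a symlink after
    # the program has decided to clean up "scratch".
    FileUtils.rm_rf(File.join(scratch, "sub"))
    File.symlink(victim_dir, File.join(scratch, "sub"))

    remover.call(scratch)
    File.exist?(victim_file)
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "naive remover, victim survives: #{demo_symlink_swap(method(:naive_remove_tree))}"
  puts "safe remover,  victim survives: #{demo_symlink_swap(method(:safe_remove_tree))}"
end
```

Run it with any current Ruby; the naive remover deletes the victim file through the swapped link, the lstat-based remover unlinks only the link itself. The example demonstrates the attack class, not the exact internals of the vulnerable remove_entry_secure.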
Affected
Ruby version 1.8.6 through 1.8.6 patchlevel 420
Ruby version 1.8.7 through 1.8.7 patchlevel 330
Ruby version 1.9.1 through 1.9.1 patchlevel 430
Ruby version 1.9.2 through 1.9.2 patchlevel 136
Ruby version 1.9.3dev, 1.8.8dev
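As an added check (not part of the advisory), the function below encodes the affected ranges listed above and compares a version and patchlevel pair against them, so the running interpreter can be tested with RUBY_VERSION and RUBY_PATCHLEVEL. It assumes the convention that a negative RUBY_PATCHLEVEL denotes a development build, and treats the 1.8.8dev and 1.9.3dev branches as affected because the advisory gives no patchlevel boundary for them.

```ruby
# Added example (not from the advisory): version/patchlevel check against the
# affected ranges for CVE-2011-1004 as listed in this advisory.

# Highest affected patchlevel per release line.
AFFECTED_MAX_PATCHLEVEL = {
  "1.8.6" => 420,
  "1.8.7" => 330,
  "1.9.1" => 430,
  "1.9.2" => 136,
}.freeze

# Development branches listed as affected without a patchlevel boundary.
AFFECTED_DEV_BRANCHES = %w[1.8.8 1.9.3].freeze

# version: string such as RUBY_VERSION ("1.9.2"); patchlevel: integer such as
# RUBY_PATCHLEVEL (assumed negative for development builds). Returns true when
# the pair falls inside an affected range from the advisory.
def affected_by_cve_2011_1004?(version, patchlevel)
  pl = patchlevel.to_i
  return true if AFFECTED_DEV_BRANCHES.include?(version) && pl < 0
  max = AFFECTED_MAX_PATCHLEVEL[version]
  return false if max.nil?
  # A development build of an affected line predates the fixed patchlevel;
  # otherwise compare against the last affected patchlevel.
  pl < 0 || pl <= max
end

# Convenience wrapper for the interpreter that is running this code.
def running_ruby_affected?
  affected_by_cve_2011_1004?(RUBY_VERSION, RUBY_PATCHLEVEL)
end

if __FILE__ == $PROGRAM_NAME
  puts "Ruby #{RUBY_VERSION}-p#{RUBY_PATCHLEVEL} affected: #{running_ruby_affected?}"
end
```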
References
CVE: CVE-2011-1004
Severity
CVSS Base Score: 6.3 (AV:L/AC:M/Au:N/C:N/I:C/A:C)