CVE-2007-0469
Published: 24 January 2007
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
Priority
Status
Package | Release | Status |
---|---|---|
libgems-ruby (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
libgems-ruby | edgy | Does not exist |
libgems-ruby | feisty | Ignored (end of life, was needed) |
libgems-ruby | gutsy | Released (0.9.4-1ubuntu1) |
libgems-ruby | hardy | Released (0.9.4-1ubuntu1) |
libgems-ruby | upstream | Needs triage |