CVE-2008-1145
Published: 4 March 2008
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Notes
Author | Note |
---|---|
fujitsu | Only affects systems with backslash-separated paths, or case-insensitive filenames. Not us. |
Priority
Status
Package | Release | Status |
---|---|---|
ruby1.8 Launchpad, Ubuntu, Debian | dapper | Not vulnerable |
ruby1.8 | edgy | Not vulnerable |
ruby1.8 | feisty | Not vulnerable |
ruby1.8 | gutsy | Not vulnerable |
ruby1.8 | upstream | Released (1.8.5-p115, 1.8.6-p114) |
ruby1.8 | | Patches: vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469475 |
ruby1.9 Launchpad, Ubuntu, Debian | dapper | Not vulnerable |
ruby1.9 | edgy | Not vulnerable |
ruby1.9 | feisty | Not vulnerable |
ruby1.9 | gutsy | Not vulnerable |
ruby1.9 | upstream | Released (1.9.0-1) |