The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.

Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CVE-2004-0755).

The ruby developers have corrected a problem in the ruby CGI module that can be triggered remotely and cause an inifinite loop on the server (CVE-2004-0983).

The updated packages are patched to prevent these problems.

An updated ruby package that fixes insecure file permissions for CGI session files is now available.

Ruby is an interpreted scripting language for object-oriented programming.

Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world readable files that could allow a malicious local user the ability to read CGI session data. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.

Users are advised to upgrade to this erratum package, which contains a backported patch to CGI::Session FileStore.

Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who has also shell access to the webserver to take over a session.

The remote host is affected by the vulnerability described in GLSA-200409-08 (Ruby: CGI::Session creates files insecurely)

    The CGI::Session::FileStore implementation (and presumably     CGI::Session::PStore), which allow data associated with a particular     Session instance to be written to a file, writes to a file in /tmp with no     regard for secure permissions. As a result, the file is left with whatever     the default umask permissions are, which commonly would allow other local     users to read the data from that session file.
  Impact :

    Depending on the default umask, any data stored using these methods could     be read by other users on the system.
  Workaround :

    By changing the default umask on the system to not permit read access to     other users (e.g. 0700), one can prevent these files from being readable by     other users.

According to a Debian Security Advisory :

Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore [...]) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who has also shell access to the webserver to take over a session.

ID	Name	Product	Family	Severity
15650	Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)	Nessus	Mandriva Local Security Checks	medium
15412	RHEL 2.1 / 3 : ruby (RHSA-2004:441)	Nessus	Red Hat Local Security Checks	low
15374	Debian DSA-537-1 : ruby - insecure file permissions	Nessus	Debian Local Security Checks	low
14662	GLSA-200409-08 : Ruby: CGI::Session creates files insecurely	Nessus	Gentoo Local Security Checks	low
14280	FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)	Nessus	FreeBSD Local Security Checks	low

Detections

Analytics

CVE-2004-0755

high

Tenable Plugins

medium

low

low

low

low