CVE-2004-0755
Published: 20 October 2004
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
Priority
Status
Package | Release | Status |
---|---|---|
ruby1.8 Launchpad, Ubuntu, Debian |
dapper |
Released
(1.8.4-1ubuntu1.3)
|
edgy |
Released
(1.8.4-5ubuntu1.2)
|
|
feisty |
Released
(1.8.5-4ubuntu2)
|
|
upstream |
Needs triage
|
|
gutsy |
Released
(1.8.5-4ubuntu2)
|
|
ruby1.6 Launchpad, Ubuntu, Debian |
dapper |
Released
(1.6.8-13ubuntu1)
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
upstream |
Needs triage
|
|
gutsy |
Does not exist
|