oss-security February 2011 archive

Re: [oss-security] CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

From: Josh Bressers <bressers_at_nospam>
Date: Mon Feb 21 2011 - 19:52:50 GMT
To: oss-security@lists.openwall.com

----- Original Message -----
> AFAIK these two need a CVE-ID:
> 1)
> http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/

CVE-2011-1004 Ruby FileUtils.remove_entry_secure symlink attack

> 2)
> http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
>

CVE-2011-1005 Ruby Exception methods can bypass $SAFE

Thanks.

-- JB