CVE-2011-1004

Published: Mar 2, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2011:0910

vendor-advisory

x_refsource_REDHAT

46460

vdb-entry

x_refsource_BID

[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

mailing-list

x_refsource_MLIST

ADV-2011-0539

vdb-entry

x_refsource_VUPEN

RHSA-2011:0909

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=678913

x_refsource_CONFIRM

43573

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

mailing-list

x_refsource_MLIST

70958

vdb-entry

x_refsource_OSVDB

FEDORA-2011-1876

vendor-advisory

x_refsource_FEDORA

FEDORA-2011-1913

vendor-advisory

x_refsource_FEDORA

43434

third-party-advisory

x_refsource_SECUNIA

http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/

x_refsource_CONFIRM

http://support.apple.com/kb/HT5281

x_refsource_CONFIRM

MDVSA-2011:097

vendor-advisory

x_refsource_MANDRIVA

APPLE-SA-2012-05-09-1

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1004

Description

Affected Products

References