| ID |
CVE-2007-0469
|
| Summary |
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 9.3 (as of 16-10-2018 - 16:32) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| refmap
via4
|
| bugtraq | 20070121 RubyGems 0.9.0 and earlier installation exploit | | confirm | http://rubyforge.org/frs/shownotes.php?release_id=9074 | | fulldisc | 20070121 RubyGems 0.9.0 and earlier installation exploit | | suse | SUSE-SR:2007:004 | | vupen | ADV-2007-0295 | | xf | rubygems-extractfiles-file-overwrite(31688) |
|
| Last major update |
16-10-2018 - 16:32 |
| Published |
24-01-2007 - 01:28 |
| Last modified |
16-10-2018 - 16:32 |
