what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed


Status Candidate


The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.

Related Files

Red Hat Security Advisory 2013-0582-01
Posted Feb 28, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0582-01 - OpenShift Enterprise is a cloud computing Platform-as-a-Service solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2660, CVE-2012-2661, CVE-2012-2694, CVE-2012-2695, CVE-2012-3424, CVE-2012-3463, CVE-2012-3464, CVE-2012-3465, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522, CVE-2012-5371, CVE-2013-0155, CVE-2013-0162
MD5 | 719c5cded5fcfb6c3ff7f725bfff0228
Ruby Parser 2.0.4 Insecure File Creation
Posted Feb 22, 2013
Authored by Michael Scherer

Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.

tags | advisory, denial of service, ruby
advisories | CVE-2013-0162
MD5 | cc82f7908fd25da5bf86a12880516f5f
Red Hat Security Advisory 2013-0544-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0544-01 - Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. It was discovered that Katello did not properly check user permissions when handling certain requests. An authenticated remote attacker could use this flaw to download consumer certificates or change settings of other users' systems if they knew the target system's UUID. A vulnerability in rubygem-ldap_fluff allowed a remote attacker to bypass authentication and log into Subscription Asset Manager when a Microsoft Active Directory server was used as the back-end authentication server.

tags | advisory, remote
systems | linux, redhat
advisories | CVE-2012-5561, CVE-2012-5603, CVE-2012-5604, CVE-2012-6109, CVE-2012-6496, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184
MD5 | 88ace63fe0f85b6fd97c4f12f5a71b2e
Red Hat Security Advisory 2013-0548-01
Posted Feb 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0548-01 - Red Hat CloudForms is an on-premise hybrid cloud Infrastructure-as-a-Service product that lets you create and manage private and public clouds. It provides self-service computing resources to users in a managed, governed, and secure way. Three flaws were found in rubygem-rack. A remote attacker could use these flaws to perform a denial of service attack against applications using rubygem-rack. It was found that documentation created by rubygem-rdoc was vulnerable to a cross-site scripting attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc is used for creating documentation for Ruby source files, it is not a common scenario to make such documentation accessible over the network.

tags | advisory, remote, web, denial of service, arbitrary, xss, ruby
systems | linux, redhat
advisories | CVE-2012-6109, CVE-2013-0162, CVE-2013-0183, CVE-2013-0184, CVE-2013-0256
MD5 | 3bdbd40445f3fbf7d0ce1fbd2f530597
Page 1 of 1

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2020 Packet Storm. All rights reserved.

Security Services
Hosting By