In association with heise online

22 January 2007, 11:23

System intrusion with RubyGems


RubyGems, an installer application for Ruby packages, does not check destination directories when installing packages. This means that an attacker can overwrite important files when a prepared package is installed, thus gaining control of the computer.

RubyGems versions 0.9.0 and earlier are affected. Packages of version 0.9.1 are now available to download from the project pages. The developers have also released patches for versions 0.8.11 and 0.9.0, which add an installation path check to the application.
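An installation path check of the kind described above, as an added example that is not the RubyGems patch or any code from the project: the helper names, the install directory and the sample entry names are all constructed for illustration.

```ruby
require "pathname"

class UnsafeEntryPath < StandardError; end

# Hypothetical helper, not the RubyGems patch: map an archive entry name to
# its destination and refuse anything that would land outside install_dir.
# The check is lexical; it does not follow symlinks already on disk.
def safe_destination(install_dir, entry_name)
  root = File.expand_path(install_dir)
  name = entry_name.to_s
  raise UnsafeEntryPath, "empty entry name" if name.empty?
  raise UnsafeEntryPath, "NUL byte in entry name" if name.include?("\0")
  # An absolute entry name would ignore the install directory altogether.
  raise UnsafeEntryPath, "absolute path: #{name}" if Pathname.new(name).absolute?

  # Join first so a leading "~" is not expanded to a home directory,
  # then normalise away "." and ".." components.
  dest = File.expand_path(File.join(root, name))
  # Trailing separator: "/opt/gems/foo-1.0-evil" must not pass as being
  # inside "/opt/gems/foo-1.0".
  unless dest.start_with?(root + File::SEPARATOR)
    raise UnsafeEntryPath, "escapes install dir: #{name}"
  end
  dest
end

# Split entry names into accepted destinations and rejected names with reasons.
def audit_entries(install_dir, names)
  accepted, rejected = {}, {}
  names.each do |n|
    begin
      accepted[n] = safe_destination(install_dir, n)
    rescue UnsafeEntryPath => e
      rejected[n] = e.message
    end
  end
  [accepted, rejected]
end

# Constructed sample entry names for a package named foo-1.0.
SAMPLE_ENTRIES = ["lib/foo.rb", "lib/../bin/foo", "../../../etc/cron.d/job",
                  "/etc/passwd", "../foo-1.0-evil/x"].freeze

if __FILE__ == $PROGRAM_NAME
  ok, bad = audit_entries("/opt/gems/foo-1.0", SAMPLE_ENTRIES)
  ok.each  { |n, d| puts "install #{n} -> #{d}" }
  bad.each { |n, why| puts "REJECT  #{n} (#{why})" }
end
```

An installer would run such a check on every entry before creating any file, and abort the whole installation on the first rejected name.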


(ehe)

Permalink: http://h-online.com/-732160
 

