NVD

Id
52693  
Name
CVE-2007-0469  
Description
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-01-23  
Modified Date
2016-10-17  
Seq
2007-0469  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
266316 52693 CVE-2007-0469 20070121 RubyGems 0.9.0 and earlier installation exploit  View
266317 52693 CVE-2007-0469 http://rubyforge.org/frs/shownotes.php?release_id=9074  View
266318 52693 CVE-2007-0469 SUSE-SR:2007:004  View
266319 52693 CVE-2007-0469 20070121 RubyGems 0.9.0 and earlier installation exploit  View
266320 52693 CVE-2007-0469 ADV-2007-0295  View
266321 52693 CVE-2007-0469 rubygems-extractfiles-file-overwrite(31688)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
56295 JVNDB-2007-004987 RubyGems の installer.rb におけるサービス運用妨害 (DoS) の脆弱性 RubyGems の installer.rb の extract_files 関数は、上書きされる前にファイルが存在するかどうかをチェックしないため、任意のファイルを上書きされる、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。 CVE-2007-0469 23824 CVE-2007-0469 52693 9.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004987.html 2007-01-23 2012-12-20 View