GSD-2007-0469
Vulnerability from gsd - Updated: 2007-01-22 00:00
Details
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
{
"GSD": {
"alias": "CVE-2007-0469",
"description": "The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.",
"id": "GSD-2007-0469",
"references": [
"https://www.suse.com/security/cve/CVE-2007-0469.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "rubygems-update",
"purl": "pkg:gem/rubygems-update"
}
}
],
"aliases": [
"CVE-2007-0469",
"OSVDB-33561"
],
"details": "The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.",
"id": "GSD-2007-0469",
"modified": "2007-01-22T00:00:00.000Z",
"published": "2007-01-22T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0469"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 9.3,
"type": "CVSS_V2"
}
],
"summary": "CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rubyforge.org/frs/shownotes.php?release_id=9074",
"refsource": "CONFIRM",
"url": "http://rubyforge.org/frs/shownotes.php?release_id=9074"
},
{
"name": "rubygems-extractfiles-file-overwrite(31688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31688"
},
{
"name": "SUSE-SR:2007:004",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
},
{
"name": "20070121 RubyGems 0.9.0 and earlier installation exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458128/100/0/threaded"
},
{
"name": "ADV-2007-0295",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0295"
},
{
"name": "20070121 RubyGems 0.9.0 and earlier installation exploit",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116939816621060\u0026w=2"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2007-0469",
"cvss_v2": 9.3,
"date": "2007-01-22",
"description": "The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.",
"gem": "rubygems-update",
"library": "rubygems",
"osvdb": 33561,
"patched_versions": [
"\u003e= 0.9.1"
],
"title": "CVE-2007-0469 RubyGems: Specially-crafted Gem archive can overwrite system files",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0469"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=0.8.11 \u003c=0.9.0",
"affected_versions": "All versions starting from 0.8.11 up to 0.9.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2018-10-16",
"description": "The extract_files function in installer.rb in RubyGems does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.",
"fixed_versions": [
"0.9.1"
],
"identifier": "CVE-2007-0469",
"identifiers": [
"CVE-2007-0469"
],
"not_impacted": "All versions before 0.8.11, all versions after 0.9.0",
"package_slug": "gem/rubygems-update",
"pubdate": "2007-01-24",
"solution": "Upgrade to version 0.9.1 or above.",
"title": "Uncontrolled Resource Consumption",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2007-0469",
"http://rubyforge.org/frs/shownotes.php?release_id=9074",
"http://www.novell.com/linux/security/advisories/2007_4_sr.html",
"http://www.vupen.com/english/advisories/2007/0295",
"http://marc.info/?l=full-disclosure\u0026m=116939816621060\u0026w=2",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/31688",
"http://www.securityfocus.com/archive/1/458128/100/0/threaded"
],
"uuid": "dad2dd4b-36f7-4a11-9ca4-40a45f09d43e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:rubyforge:rubygems:0.8.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:rubyforge:rubygems:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0469"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rubyforge.org/frs/shownotes.php?release_id=9074",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rubyforge.org/frs/shownotes.php?release_id=9074"
},
{
"name": "SUSE-SR:2007:004",
"refsource": "SUSE",
"tags": [],
"url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"
},
{
"name": "ADV-2007-0295",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/0295"
},
{
"name": "20070121 RubyGems 0.9.0 and earlier installation exploit",
"refsource": "FULLDISC",
"tags": [],
"url": "http://marc.info/?l=full-disclosure\u0026m=116939816621060\u0026w=2"
},
{
"name": "rubygems-extractfiles-file-overwrite(31688)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31688"
},
{
"name": "20070121 RubyGems 0.9.0 and earlier installation exploit",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/458128/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-16T16:32Z",
"publishedDate": "2007-01-24T01:28Z"
}
}
}