http://blog.segment7.net/articles/2007/01/21/rubygems-0-9-0-and-earlier-installation-exploit en-us 40 The Blog <h3>Problem Description:</h3> <p>RubyGems does not check installation paths for gems before writing files. <h3>Impact:</h3> <p>Since RubyGems packages are typically installed using root permissions, arbitrary files may be overwritten on-disk. This may lead to denial of service, privilege escalation or remote compromise. <h3>Workaround:</h3> <p>No known workarounds <h3>Solution:</h3> <ol> <li><p>Upgrade to RubyGems 0.9.1 <li><p>Apply one of the following patches: <ul> <li><p>For RubyGems 0.9.0: <p><a href="http://rubyforge.org/frs/download.php/16543/installer.rb.extract_files.REL_0_9_0.patch">installer.rb.extract_files.REL_0_9_0.patch</a><br> MD5 (installer.rb.extract_files.REL_0_9_0.patch) = bed4fcdd438a7d8b81cf72e1ffe48a7d &#65532; <li><p>For RubyGems 0.8.11: <p><a href="http://rubyforge.org/frs/download.php/16544/installer.rb.extract_files.REL_0_8_11.patch">installer.rb.extract_files.REL_0_8_11.patch</a><br> MD5 (installer.rb.extract_files.REL_0_8_11.patch) = 31e3bacd1821de0272864c153b7c0dca </ul> </ol> &#65532;<h3>Note:</h3> <p>Remote installations via Rubyforge will be disabled in the near future for versions of RubyGems earlier than 0.9.1, even for patched versions of RubyGems. Local installations will continue to work, however. <p>Thanks to Gavin Sinclair for finding and reporting this problem. <p>Testing your updated RubyGems: <p>Installing rspec-0.7.5 will give an InstallError on a patched version of RubyGems: <pre><kbd>$ gem install rspec --version 0.7.5 ERROR: While executing gem ... (Gem::InstallError) attempt to install file into "../web_spec/web_test_html_formatter.rb"</kbd></pre> <p>An updated rspec (0.7.5.1) has already been released. Sun, 21 Jan 2007 01:08:00 -0800 urn:uuid:49e56795-8ffb-4ae0-b68b-79751c271306 drbrain@segment7.net (Eric Hodel) http://blog.segment7.net/articles/2007/01/21/rubygems-0-9-0-and-earlier-installation-exploit Ruby Rubygems Software