http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ WEBrick, a standard library of Ruby to implement HTTP servers, has file access vulnerability. 1. Systems that accept backslash (\) as a path separator, such as Windows. 2. Systems that use case insensitive filesystems such as NTFS on Windows, HFS on Mac OS X. Attacker can access private files by sending a url with url encoded backslash (\). This works only on systems that accept backslash as a path separator. Or they could bypass restrictions with case-insensitive filesystems.
Note: This is only a security issue if you have a ruby application using WEBrick to serve content via HTTP from a mounted filesystem that is case insensitive or accepts \ as a path separator, therefore setting to low security severity.
CVE-2008-1145: Directory traversal vulnerability in WEBrick 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option.
Advisory from researcher that discovered the flaw: http://marc.info/?l=bugtraq&m=120482138928670&w=4 Upstream SVN commit: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=15676 Fixed upstream in: 1.8.5-p115, 1.8.6-p114
This issue does not affect ruby packages as shipped in Red Hat Enterprise Linux 2.1 and 3, as those packages do not include WEBrick component.
ruby-1.8.6.114-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
ruby-1.8.6.114-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0897.html