A race condition was found in the way the secure implementation of Ruby fileutils' remove system entries method (remove_entry_secure()), removed directory trees. A local attacker could use this flaw to conduct symbolic link attacks, leading to removal of arbitrary files or directories on the system. References: [1] http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ Upstream patch (against trunk): [2] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=30896
This issue did NOT affect the versions of the ruby package, as shipped with Red Hat Enterprise Linux 3 or 4, as those versions do not include support for remove_entry_secure() method yet. This issue affects the versions of the ruby package, as shipped with Red Hat Enterprise Linux 5 and 6. -- This issue affects the version of the ruby package, as shipped with Fedora release of 13. Particular ruby package update for Fedora release of 14 has been already scheduled. Upon testing phase, it will be pushed to Fedora 14 stable repository.
CVE Request: [3] http://www.openwall.com/lists/oss-security/2011/02/21/2
The CVE identifier of CVE-2011-1004 has been assigned to this issue: [4] http://www.openwall.com/lists/oss-security/2011/02/21/5
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0910 https://rhn.redhat.com/errata/RHSA-2011-0910.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0909 https://rhn.redhat.com/errata/RHSA-2011-0909.html
Statement: (none)