The default value for 'tmpdir' parameter is /tmp, so any user can
know the name of the file created by CGI::Session::FileStore.
The filename contains the session id, so this can lead an attacker
who has also shell access to the webserver to take over a session.
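The practical mitigation is to stop relying on the default world-listable /tmp and hand CGI::Session a private directory instead. The following Ruby is an added example, not code from the bug report or from Ruby's cgi/session library; the function names session_dir_problems and private_session_options are hypothetical. It audits a candidate 'tmpdir' for the permission problems that make session ids discoverable by other local users, and builds the option hash (private 'tmpdir', 'prefix') that can be passed to CGI::Session.new instead of the defaults.

```ruby
require 'fileutils'
require 'tmpdir'

# Hypothetical audit helper (added example). Returns an array of reasons why
# +dir+ is unsafe as a CGI::Session::FileStore 'tmpdir'; empty means it passes.
# The FileStore file name embeds the session id, so a directory that other
# users can list leaks every live session id to them.
def session_dir_problems(dir)
  return ["#{dir} does not exist"] unless File.directory?(dir)

  st = File.stat(dir)
  mode = st.mode & 0777
  problems = []

  # Read bit for group/other: file names (and therefore session ids) are listable.
  if (mode & 0044) != 0
    problems << format('directory is readable by group/other (mode %04o): ' \
                       'session file names are listable', mode)
  end

  # Write bit for group/other without the sticky bit: other users can remove
  # or replace session files, not just read their names.
  if (mode & 0022) != 0 && !st.sticky?
    problems << format('directory is writable by group/other (mode %04o): ' \
                       'other users can remove or replace session files', mode)
  end

  # The directory should belong to the user the web server runs as.
  unless st.uid == Process.euid
    problems << "directory is owned by uid #{st.uid}, not the current user"
  end

  problems
end

# Hypothetical helper (added example). Creates a mode 0700 session directory
# under +base+ and returns the options to pass to CGI::Session.new. The default
# database manager (CGI::Session::FileStore) is kept; only 'tmpdir' and
# 'prefix' are overridden so files no longer land in the shared /tmp.
def private_session_options(base, prefix: 'sess_')
  dir = File.join(base, 'cgi_sessions')
  FileUtils.mkdir_p(dir, mode: 0700)
  File.chmod(0700, dir) # mkdir_p's mode is subject to umask; enforce it explicitly
  { 'tmpdir' => dir, 'prefix' => prefix }
end

if __FILE__ == $PROGRAM_NAME
  # Audit the insecure default first, then a private directory built here.
  puts '/tmp as session store:'
  session_dir_problems('/tmp').each { |p| puts "  - #{p}" }

  Dir.mktmpdir do |app_state|
    opts = private_session_options(app_state)
    puts "private store #{opts['tmpdir']}: " \
         "#{session_dir_problems(opts['tmpdir']).empty? ? 'ok' : 'problems found'}"
    # In a CGI script: CGI::Session.new(cgi, opts)
  end
end
```

The audit distinguishes "listable" from "writable" because /tmp is normally mode 1777: the sticky bit stops other users from deleting session files, but nothing stops them from reading the file names, which is exactly the leak the report describes.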
Message-Id: <email address hidden>
Date: Tue, 24 Aug 2004 18:29:49 +0900
From: Shugo Maeda <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libruby1.8: CGI::Session creates files insecurely yet
Package: libruby1.8
Version: 1.8.1+1.8.2pre2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The default value for 'tmpdir' parameter is /tmp, so any user can
know the name of the file created by CGI::Session::FileStore.
The filename contains the session id, so this can lead an attacker
who has also shell access to the webserver to take over a session.
-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-swsusp2.0.0.100
Locale: LANG=ja_JP.eucJP, LC_CTYPE=ja_JP.eucJP
Versions of packages libruby1.8 depends on:
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
-- no debconf information