Forum: Ruby on Rails [ANN] RubyGems 0.9.0 and earlier installation exploit

Eric H. (Guest)
on 2007-01-17 00:32
(Received via mailing list)
Problem Description:

RubyGems does not check installation paths for gems before writing


Since RubyGems packages are typically installed using root
permissions, arbitrary files may be overwritten on-disk.  This may
lead to denial of service, privilege escalation or remote compromise.


No known workarounds


a) Upgrade to RubyGems 0.9.1

b) Apply one of the following patches

For RubyGems 0.9.0:
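The missing check named in the problem description, sketched as an added Ruby example. It is not part of the original post and is not the RubyGems 0.9.1 patch; the names `InstallPathError`, `safe_install_path` and `audit_entries`, the install directory and the file list are all hypothetical or constructed.

```ruby
# Added illustration; InstallPathError, safe_install_path and audit_entries
# are hypothetical names, not RubyGems APIs.
class InstallPathError < StandardError; end

# Return the absolute destination for +entry_name+ inside +install_dir+,
# or raise if the entry would be written outside that directory.
def safe_install_path(install_dir, entry_name)
  root = File.expand_path(install_dir)
  # expand_path collapses "." and ".." lexically (symlinks are not resolved);
  # an absolute entry_name replaces the base directory entirely, which the
  # prefix check below catches.
  dest = File.expand_path(entry_name, root)
  # Compare against root plus separator so "/opt/gems/foo-1.0-evil" does not
  # pass as being inside "/opt/gems/foo-1.0".
  unless dest.start_with?(root + File::SEPARATOR)
    raise InstallPathError, "#{entry_name.inspect} resolves to #{dest}, outside #{root}"
  end
  dest
end

# Split a package's file list into destinations that are safe to write and
# entry names that must be rejected before anything touches the disk.
def audit_entries(install_dir, entry_names)
  accepted, rejected = [], []
  entry_names.each do |name|
    begin
      accepted << safe_install_path(install_dir, name)
    rescue InstallPathError
      rejected << name
    end
  end
  { accepted: accepted, rejected: rejected }
end

# Constructed sample file list, not taken from any real gem.
SAMPLE_ENTRIES = [
  "lib/foo.rb",
  "bin/../lib/foo/version.rb",
  "../../../../etc/cron.d/job",
  "/etc/passwd",
  "../foo-1.0-evil/lib/foo.rb",
].freeze

if __FILE__ == $PROGRAM_NAME
  result = audit_entries("/opt/gems/foo-1.0", SAMPLE_ENTRIES)
  result[:accepted].each { |p| puts "write  #{p}" }
  result[:rejected].each { |n| puts "reject #{n}" }
end
```

Because the comparison is lexical, an installer that may extract into a directory containing symlinks would additionally need to resolve the real path of the parent directory before writing.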