[ANN] RubyGems 0.9.0 and earlier installation exploit


#1

Problem Description:

RubyGems does not check installation paths for gems before writing
files.

Impact:

Since RubyGems packages are typically installed using root
permissions, arbitrary files may be overwritten on-disk. This may
lead to denial of service, privilege escalation or remote compromise.

Workaround:

No known workarounds

Solution:

a) Upgrade to RubyGems 0.9.1

b) Apply one of the following patches

For RubyGems 0.9.0: