JVNDB-2006-000606

[Japanese]
JVNDB-2006-000606
Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Overview
The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2.
CVSS Severity (What is CVSS?)
Base Metrics: 1.9 (Low) [IPA Score] Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

Affected Products

Daisuke Minato the Minnu's filer2 version 1.40d and earlier

Impact
An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user. In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system.
Solution

Vendor Information
Daisuke Minato the Minnu's filer2 : Top Page (Japanese) the Minnu's filer2 : Vulnerability for mfiler1.40d and earlier (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#27365476
Revision History
[2008/05/21] Web page published

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution