[Japanese]

JVNDB-2006-000606

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview

The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 1.9 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Daisuke Minato
  • the Minnu's filer2 version 1.40d and earlier

Impact

An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user.
In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system.
Solution

Vendor Information

Daisuke Minato
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#27365476
Revision History

  • [2008/05/21]
      Web page published

Date Public2006/03/01
Date First Published2008/05/21
Date Last Updated2008/05/21