Description: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.
1) An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
2) An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.
The vulnerabilities have been reported in version 1.8.4 and prior.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: The vulnerabilities have been fixed in a snapshot version and will also be fixed in the upcoming 1.8.5 version.
Provided and/or discovered by: Reported by the vendor.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.