Published:2006/03/01  Last Updated:2008/05/21

JVN#27365476
Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview

The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2.

Products Affected

  • the Minnu's filer2 version 1.40d and earlier

Description

Impact

An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user.
In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
Daisuke Minato Vulnerable 2006/03/01

References

JPCERT/CC Addendum

Credit

Kazuhiro Nishiyama reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000606

Update History