JVN#27365476
Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution
Overview
The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2.
Products Affected
- the Minnu's filer2 version 1.40d and earlier
Description
Impact
An attacker could take over a user's account, steal the user's information or delete it, or exploit the resources available to the user.
In particular, if the Minnu's filer2 is run with the administrative privilege, an attacker could take over the entire system.
Solution
References
JPCERT/CC Addendum
Credit
Kazuhiro Nishiyama reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000606 |