RubyGems 0.9.0 and earlier installation exploit

Problem Description:

RubyGems does not check installation paths for gems before writing files.


Since RubyGems packages are typically installed using root permissions, arbitrary files may be overwritten on-disk. This may lead to denial of service, privilege escalation or remote compromise.


No known workarounds


a) Upgrade to RubyGems 0.9.1

b) Apply one of the following patches

For RubyGems 0.9.0:

installer.rb.extract_files.REL_0_9_0.patch (1.21 KB)

installer.rb.extract_files.REL_0_8_11.patch (1.36 KB)