CVE 2004-0755
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
See the 
CVE page on Mitre.org
for more details.
