Executive Summary
Summary | |
---|---|
Title | New Ruby packages fix safety bypass |
Informations | |||
---|---|---|---|
Name | DSA-860 | First vendor Publication | 2005-10-11 |
Vendor | Debian | Last vendor Modification | 2005-10-11 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions: old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1 We recommend that you upgrade your ruby packages. |
Original Source
Url : http://www.debian.org/security/2005/dsa-860 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10564 | |||
Oval ID: | oval:org.mitre.oval:def:10564 | ||
Title: | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | ||
Description: | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2337 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200510-05 (ruby) File : nvt/glsa_200510_05.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby_static File : nvt/freebsd_ruby2.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 860-1 (ruby) File : nvt/deb_860_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 862-1 (ruby1.8) File : nvt/deb_862_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 864-1 (ruby1.8) File : nvt/deb_864_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19610 | Ruby eval.c safe_level Restriction Bypass |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-799.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_1daea60a471911dab5c60004614cc33d.nasl - Type : ACT_GATHER_INFO |
2006-05-12 | Name : The remote operating system is missing a vendor-supplied patch. File : macosx_SecUpd2006-003.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-195-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-196-1.nasl - Type : ACT_GATHER_INFO |
2005-11-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-191.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-864.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-799.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-860.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-862.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200510-05.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:34:31 |
|