Executive Summary
Summary | |
---|---|
Title | ruby security update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:0562 | First vendor Publication | 2008-07-14 |
Vendor | RedHat | Last vendor Modification | 2008-07-14 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Description: Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664) Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues. A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303) Users of Ruby should upgrade to these updated packages, which contain a backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bugs fixed (http://bugzilla.redhat.com/): 218287 - CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS 450825 - CVE-2008-2663 ruby: Integer overflows in rb_ary_store() 450834 - CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format() 451821 - CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N 451828 - CVE-2008-2726 ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen 453589 - CVE-2008-2376 ruby: integer overflows in rb_ary_fill() / Array#fill |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0562.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-399 | Resource Management Errors |
17 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10524 | |||
Oval ID: | oval:org.mitre.oval:def:10524 | ||
Title: | Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Description: | Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2663 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10529 | |||
Oval ID: | oval:org.mitre.oval:def:10529 | ||
Title: | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | ||
Description: | The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-6303 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17484 | |||
Oval ID: | oval:org.mitre.oval:def:17484 | ||
Title: | USN-621-1 -- ruby1.8 vulnerabilities | ||
Description: | Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-621-1 CVE-2008-2662 CVE-2008-2663 CVE-2008-2725 CVE-2008-2726 CVE-2008-2664 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | ruby1.8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20201 | |||
Oval ID: | oval:org.mitre.oval:def:20201 | ||
Title: | DSA-1612-1 ruby1.8 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1612-1 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ruby1.8 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20314 | |||
Oval ID: | oval:org.mitre.oval:def:20314 | ||
Title: | DSA-1618-1 ruby1.9 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1618-1 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ruby1.9 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21762 | |||
Oval ID: | oval:org.mitre.oval:def:21762 | ||
Title: | ELSA-2008:0561: ruby security update (Moderate) | ||
Description: | Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2008:0561-01 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376 | Version: | 29 |
Platform(s): | Oracle Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:28980 | |||
Oval ID: | oval:org.mitre.oval:def:28980 | ||
Title: | RHSA-2008:0561 -- ruby security update (Moderate) | ||
Description: | Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726) | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:0561 CESA-2008:0561-CentOS 5 CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | ruby |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7871 | |||
Oval ID: | oval:org.mitre.oval:def:7871 | ||
Title: | DSA-1612 ruby1.8 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1612 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ruby1.8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7922 | |||
Oval ID: | oval:org.mitre.oval:def:7922 | ||
Title: | DSA-1618 ruby1.9 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1618 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ruby1.9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9606 | |||
Oval ID: | oval:org.mitre.oval:def:9606 | ||
Title: | Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Description: | Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2725 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9646 | |||
Oval ID: | oval:org.mitre.oval:def:9646 | ||
Title: | The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Description: | The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2664 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9863 | |||
Oval ID: | oval:org.mitre.oval:def:9863 | ||
Title: | Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. | ||
Description: | Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2376 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9959 | |||
Oval ID: | oval:org.mitre.oval:def:9959 | ||
Title: | Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Description: | Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2726 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-12 | Name : Mac OS X 10.5.5 Update / Security Update 2008-006 File : nvt/macosx_upd_10_5_5_secupd_2008-006.nasl |
2010-05-12 | Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for Ruby File : nvt/sles9p5033480.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5009168.nasl |
2009-04-09 | Name : Mandriva Update for ruby MDVSA-2008:141 (ruby) File : nvt/gb_mandriva_MDVSA_2008_141.nasl |
2009-04-09 | Name : Mandriva Update for ruby MDVSA-2008:140 (ruby) File : nvt/gb_mandriva_MDVSA_2008_140.nasl |
2009-03-23 | Name : Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 File : nvt/gb_ubuntu_USN_651_1.nasl |
2009-03-23 | Name : Ubuntu Update for ruby1.8 vulnerabilities USN-621-1 File : nvt/gb_ubuntu_USN_621_1.nasl |
2009-03-06 | Name : RedHat Update for ruby RHSA-2008:0561-01 File : nvt/gb_RHSA-2008_0561-01_ruby.nasl |
2009-03-06 | Name : RedHat Update for ruby RHSA-2008:0562-01 File : nvt/gb_RHSA-2008_0562-01_ruby.nasl |
2009-02-27 | Name : CentOS Update for ruby CESA-2008:0562-01 centos2 i386 File : nvt/gb_CESA-2008_0562-01_ruby_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for irb CESA-2008:0562 centos3 i386 File : nvt/gb_CESA-2008_0562_irb_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for irb CESA-2008:0562 centos3 x86_64 File : nvt/gb_CESA-2008_0562_irb_centos3_x86_64.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-6094 File : nvt/gb_fedora_2008_6094_ruby_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-8738 File : nvt/gb_fedora_2008_8738_ruby_fc9.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-8736 File : nvt/gb_fedora_2008_8736_ruby_fc8.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-6033 File : nvt/gb_fedora_2008_6033_ruby_fc9.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-5664 File : nvt/gb_fedora_2008_5664_ruby_fc9.nasl |
2009-02-17 | Name : Fedora Update for ruby FEDORA-2008-5649 File : nvt/gb_fedora_2008_5649_ruby_fc8.nasl |
2008-12-23 | Name : Gentoo Security Advisory GLSA 200812-17 (ruby) File : nvt/glsa_200812_17.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200612-21 (ruby) File : nvt/glsa_200612_21.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma File : nvt/freebsd_ruby6.nasl |
2008-09-04 | Name : FreeBSD Ports: ruby File : nvt/freebsd_ruby5.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1612-1 (ruby1.8) File : nvt/deb_1612_1.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1618-1 (ruby1.9) File : nvt/deb_1618_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-179-01 ruby File : nvt/esoft_slk_ssa_2008_179_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46691 | Ruby rb_ary_fill() Function Overflow |
46554 | Ruby rb_ary_splice Function Overflow (beg + rlen) A buffer overflow exists in Ruby. The rb_ary_splice function fails to validate unspecified data resulting in an integer overflow. With a specially crafted request, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
46553 | Ruby rb_ary_splice Function REALLOC_N Overflow |
46552 | Ruby rb_str_format Function Unspecified Memory Corruption |
46551 | Ruby rb_ary_store Function Multiple Overflows |
34238 | Ruby cgi.rb read_multipart Function Crafted HTTP Request DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0562.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-0561.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0961.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_ruby_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080714_ruby_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071113_ruby_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0561.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12214.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11442.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_ruby-080729.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-140.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-651-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-141.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0961.nasl - Type : ACT_GATHER_INFO |
2008-12-17 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200812-17.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_5.nasl - Type : ACT_GATHER_INFO |
2008-09-16 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-006.nasl - Type : ACT_GATHER_INFO |
2008-08-22 | Name : The remote openSUSE host is missing a security update. File : suse_ruby-5483.nasl - Type : ACT_GATHER_INFO |
2008-08-21 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ruby-5484.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1618.nasl - Type : ACT_GATHER_INFO |
2008-07-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1612.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0562.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0562.nasl - Type : ACT_GATHER_INFO |
2008-07-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0561.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6094.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Fedora host is missing a security update. File : fedora_2008-6033.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-621-1.nasl - Type : ACT_GATHER_INFO |
2008-07-02 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-179-01.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO |
2008-07-01 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO |
2008-06-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5649.nasl - Type : ACT_GATHER_INFO |
2008-06-26 | Name : The remote Fedora host is missing a security update. File : fedora_2008-5664.nasl - Type : ACT_GATHER_INFO |
2008-06-24 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_538021643f7e11dd90ea0019666436c2.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_ruby-2654.nasl - Type : ACT_GATHER_INFO |
2007-11-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0961.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-394-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ruby-2655.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2007-005.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-225.nasl - Type : ACT_GATHER_INFO |
2006-12-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200612-21.nasl - Type : ACT_GATHER_INFO |
2006-12-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_a8674c1483d711db88d50012f06707f0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:47 |
|