Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-1992
Last Modified 21 Aug 2013 12:42:43
Published 20 Jun 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-1992

Summary

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Vulnerable Systems

Application

  • Yukihiro Matsumoto Ruby 1.8


References

CERT-VN - VU#684913

CONFIRM - http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

CONFIRM - http://www2.ruby-lang.org/en/20050701.html

BID - 14016

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

REDHAT - RHSA-2005:543

SUSE - SUSE-SR:2005:018

DEBIAN - DSA-748

CIAC - P-312

AUSCERT - ESB-2005.0732

SECUNIA - 16920

APPLE - APPLE-SA-2005-09-22


Last Updated: 27 May 2016 10:40:22