Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-2337
Last Modified: 07 Mar 2011 09:24:07
Published: 07 Oct 2005 07:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2337

Summary

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

Vulnerable Systems

Application

  • Yukihiro Matsumoto Ruby 1.6

  • Yukihiro Matsumoto Ruby 1.6.1

  • Yukihiro Matsumoto Ruby 1.6.2

  • Yukihiro Matsumoto Ruby 1.6.3

  • Yukihiro Matsumoto Ruby 1.6.4

  • Yukihiro Matsumoto Ruby 1.6.5

  • Yukihiro Matsumoto Ruby 1.6.6

  • Yukihiro Matsumoto Ruby 1.6.7

  • Yukihiro Matsumoto Ruby 1.8

  • Yukihiro Matsumoto Ruby 1.8.1

  • Yukihiro Matsumoto Ruby 1.8.2 Pre1

  • Yukihiro Matsumoto Ruby 1.8.2 Pre2


References

CERT - TA06-132A

CERT-VN - VU#160012

CONFIRM - http://www.ruby-lang.org/en/20051003.html

SECUNIA - 16904

XF - ruby-eval-security-bypass(22360)

VUPEN - ADV-2006-1779

UBUNTU - USN-195-1

SECTRACK - 1014948

BID - 17951

BID - 14909

REDHAT - RHSA-2005:799

SUSE - SUSE-SR:2006:005

MANDRIVA - MDKSA-2005:191

GENTOO - GLSA-200510-05

DEBIAN - DSA-864

DEBIAN - DSA-862

DEBIAN - DSA-860

SECUNIA - 20077

SECUNIA - 19130

SECUNIA - 17285

SECUNIA - 17147

SECUNIA - 17129

SECUNIA - 17098

SECUNIA - 17094

APPLE - APPLE-SA-2006-05-11

MISC - http://jvn.jp/jp/JVN%2362914675/index.html

SREASON - 59

Related Patches

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (PPC)

Apple 2006-05-11 Security Update 2006-003 Mac OS X 10.4.6 Client (Intel)

Apple 2006-05-11 Security Update 2006-003 (10.4.6 Server)


Last Updated: 27 May 2016 10:40:28