Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-2376
Last Modified 07 Mar 2011 10:09:05
Published 08 Jul 2008 08:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2376

Summary

Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.6.230


References

CERT - TA08-260A

FEDORA - FEDORA-2008-6094

CONFIRM - https://issues.rpath.com/browse/RPL-2639

VUPEN - ADV-2008-2584

UBUNTU - USN-651-1

BUGTRAQ - 20080708 rPSA-2008-0218-1 ruby

REDHAT - RHSA-2008:0561

MLIST - [oss-security] 20080702 More ruby integer overflows (rb_ary_fill / Array#fill)

MANDRIVA - MDVSA-2008:142

MANDRIVA - MDVSA-2008:141

MANDRIVA - MDVSA-2008:140

DEBIAN - DSA-1618

DEBIAN - DSA-1612

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0218

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0218

GENTOO - GLSA-200812-17

SECUNIA - 33178

SECUNIA - 32219

SECUNIA - 31256

SECUNIA - 31181

SECUNIA - 31090

SECUNIA - 31062

SECUNIA - 31006

SECUNIA - 30927

APPLE - APPLE-SA-2008-09-15

Related Patches

Apple 2008-09-15 Security Update 2008-006 (PPC)

Apple 2008-09-15 Security Update 2008-006 Server (PPC)

Apple 2008-09-15 Mac OS X 10.5.5 Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Combo Update

Apple 2008-09-15 Mac OS X Server 10.5.5 Update

Apple 2008-09-15 Security Update 2008-006 (Intel)

Apple 2008-09-15 Mac OS X 10.5.5 Combo Update

Apple 2008-09-15 Security Update 2008-006 Server (Intel)


Last Updated: 27 May 2016 10:47:50