Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2008-2663
Last Modified 07 Mar 2011 10:09:34
Published 24 Jun 2008 03:41:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2663

Summary

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.5-p230

  • Ruby-lang Ruby 1.8.6-p229

  • Ruby-lang Ruby 1.8.7-p21

  • Ruby-lang Ruby 1.9.0-1


References

CONFIRM - http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

MISC - http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

FEDORA - FEDORA-2008-5649

CONFIRM - https://issues.rpath.com/browse/RPL-2626

XF - ruby-rbarystore-code-execution(43346)

MISC - http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

VUPEN - ADV-2008-1981

VUPEN - ADV-2008-1907

UBUNTU - USN-621-1

SECTRACK - 1020347

BID - 29903

BUGTRAQ - 20080626 rPSA-2008-0206-1 ruby

MISC - http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

MISC - http://www.ruby-forum.com/topic/157034

REDHAT - RHSA-2008:0561

MISC - http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

MANDRIVA - MDVSA-2008:142

MANDRIVA - MDVSA-2008:141

MANDRIVA - MDVSA-2008:140

DEBIAN - DSA-1618

DEBIAN - DSA-1612

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

MISC - http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

CONFIRM - http://support.apple.com/kb/HT2163

SLACKWARE - SSA:2008-179-01

GENTOO - GLSA-200812-17

SECUNIA - 33178

SECUNIA - 31687

SECUNIA - 31256

SECUNIA - 31181

SECUNIA - 31090

SECUNIA - 31062

SECUNIA - 30894

SECUNIA - 30875

SECUNIA - 30867

SECUNIA - 30831

SECUNIA - 30802

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2008-06-30

Related Patches

Apple 2008-06-30 Security Update 2008-004 (PPC)

Apple 2008-06-30 Security Update 2008-004 Server (PPC)

Apple 2008-06-30 Security Update 2008-004 (Intel)

Apple 2008-06-30 Mac OS X Server 10.5.4 Combo Update

Apple 2008-06-30 Mac OS X 10.5.4 Update

Apple 2008-06-30 Security Update 2008-004 Server (Intel)

Apple 2008-06-30 Mac OS X Server 10.5.4 Update

Apple 2008-06-30 Mac OS X 10.5.4 Combo Update


Last Updated: 27 May 2016 10:47:56