Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2009-1904
Last Modified 21 Aug 2010 01:32:57
Published 11 Jun 2009 05:30:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1904

Summary

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.6
  • Ruby-lang Ruby 1.8.7

References

  • CONFIRM - http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
  • CONFIRM - http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby/
  • CONFIRM - http://redmine.ruby-lang.org/issues/show/794
  • CONFIRM - http://github.com/NZKoz/bigdecimal-segfault-fix/tree/master
  • CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532689
  • FEDORA - FEDORA-2009-13066
  • CONFIRM - https://bugs.launchpad.net/bugs/cve/2009-1904
  • CONFIRM - https://bugs.launchpad.net/bugs/385436
  • XF - ruby-bigdecimal-dos(51032)
  • VUPEN - ADV-2009-1563
  • UBUNTU - USN-805-1
  • SECTRACK - 1022371
  • BID - 35278
  • CONFIRM - http://www.ruby-forum.com/topic/189071
  • REDHAT - RHSA-2009:1140
  • MANDRIVA - MDVSA-2009:160
  • CONFIRM - http://support.apple.com/kb/HT4077
  • SLACKWARE - SSA:2009-170-02
  • GENTOO - GLSA-200906-02
  • SECUNIA - 37705
  • SECUNIA - 35937
  • SECUNIA - 35699
  • SECUNIA - 35593
  • SECUNIA - 35527
  • SECUNIA - 35399
  • OSVDB - 55031
  • MLIST - [pkgsrc-changes] 20090610 CVS commit: pkgsrc/lang/ruby18-base
  • APPLE - APPLE-SA-2010-03-29-1
  • MLIST - [rubyonrails-security] 20090610 DoS Vulnerability in Ruby (CVE-2009-1904)
  • CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=273213

Last Updated: 27 May 2016 10:50:42