Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score (CVSS v2 base): 5.0
CVE Id: CVE-2012-4522
Last Modified: 03 May 2013 11:20:45
Published: 24 Nov 2012 03:55:03
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4522

Summary

The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
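As an added illustration (this is not code from the advisory or from the ruby-lang project; the helper names naive_allowed?, hardened_allowed?, attempt_create and demo are hypothetical), the following Ruby shows why an embedded NUL byte matters here: Ruby string methods see the whole string, so an extension check on "upload.rb\0.jpg" passes, but the C library call underneath File.open stops at the NUL, so a vulnerable interpreter would create "upload.rb" instead. On a Ruby that carries the fix, File.open raises ArgumentError ("string contains null byte") instead, and the hardened check rejects the name before it reaches any path call. The file name is a constructed attacker-supplied input, and files are only written into a throwaway temporary directory.

```ruby
# Added example for CVE-2012-4522 (poisoned NUL byte in a file path).
# Not part of the advisory or of Ruby itself; helper names are hypothetical.
require "tmpdir"

ALLOWED_EXT = ".jpg"

# Naive application check: String#end_with? sees the entire Ruby string,
# including everything after the NUL, so "upload.rb\0.jpg" is approved.
def naive_allowed?(name)
  name.end_with?(ALLOWED_EXT) && !name.include?("/") && !name.include?("..")
end

# Hardened check: refuse any embedded NUL before the name reaches a
# C-level path function (this is the condition the Ruby fix enforces
# inside rb_get_path_check).
def hardened_allowed?(name)
  !name.include?("\0") && naive_allowed?(name)
end

# Runs the application check, then tries to create the file in a fresh
# temporary directory.  Returns:
#   :rejected        - the application check refused the name
#   :argument_error  - Ruby itself refused the path (patched interpreters
#                      raise ArgumentError "string contains null byte")
#   "<basename>"     - the name that actually landed on disk
def attempt_create(name, checker)
  return :rejected unless checker.call(name)
  Dir.mktmpdir do |dir|
    path = dir + "/" + name   # plain concatenation: no NUL check happens here
    begin
      File.open(path, "w") { |f| f.write("x") }
    rescue ArgumentError
      return :argument_error
    end
    (Dir.entries(dir) - [".", ".."]).first
  end
end

POISONED = "upload.rb\0.jpg"   # constructed attacker-supplied name
BENIGN   = "upload.jpg"

def demo
  {
    naive_benign:      attempt_create(BENIGN,   method(:naive_allowed?)),
    naive_poisoned:    attempt_create(POISONED, method(:naive_allowed?)),
    hardened_poisoned: attempt_create(POISONED, method(:hardened_allowed?)),
  }
end

puts demo.inspect if __FILE__ == $0
```

On an unpatched Ruby 1.9.3 (before p286) the :naive_poisoned entry would read "upload.rb", which is exactly the "unexpected name" the summary describes; on a fixed interpreter it is :argument_error. The :hardened_poisoned entry is :rejected on either, which is why application code should still refuse NUL bytes on its own rather than rely on the interpreter version.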

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.9.3

  • Ruby-lang Ruby 2.0.0


References

CONFIRM - http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/

MLIST - [oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character

MLIST - [oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character

MLIST - [oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character

MISC - http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163

FEDORA - FEDORA-2012-16086

FEDORA - FEDORA-2012-16071

REDHAT - RHSA-2013:0129

Related Patches

Red Hat 2013:0129-01 RHSA Moderate: ruby security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 10:58:30