CVE-2008-3657

Name of the Vulnerable Software and Affected Versions Ruby versions 1.8.5 and earlier Ruby versions 1.8.6 through 1.8.6-p286 Ruby versions 1.8.7 through 1.8.7-p71 Ruby versions 1.9 through r18423 libruby1.9-dbg (affected versions not specified) libruby1.9 (affected versions not specified) ri1.9 (affected versions not specified)

Description The issue concerns multiple vulnerabilities in the Ruby package, which can lead to a disruption of protected information. These vulnerabilities can be exploited remotely. Specifically, the dl module in Ruby does not check the "taintness" of inputs, allowing context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

Recommendations For Ruby versions 1.8.5 and earlier, update to a version that checks "taintness" of inputs. For Ruby versions 1.8.6 through 1.8.6-p286, update to a version that checks "taintness" of inputs. For Ruby versions 1.8.7 through 1.8.7-p71, update to a version that checks "taintness" of inputs. For Ruby versions 1.9 through r18423, update to a version that checks "taintness" of inputs. For libruby1.9-dbg, libruby1.9, and ri1.9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.