PT-2010-4054 · Ruby · Ruby
Publicado
2010-07-09
·
Atualizado
2017-08-17
·
CVE-2010-2489
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Ruby versions prior to 1.9.1-p429
Description
A buffer overflow issue exists in Ruby on Windows, potentially allowing local users to gain privileges. This occurs when a crafted
ARGF.inplace mode value is not properly handled during the construction of backup file filenames.Recommendations
For versions prior to 1.9.1-p429, update to version 1.9.1-p429 or later to resolve the issue. As a temporary workaround, consider restricting access to the
ARGF.inplace mode value to minimize the risk of exploitation.Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ruby