PT-2011-2809 · Ruby+1 · Ruby+1

Urabe Shyouhei

Publicado

2011-03-02

Atualizado

2013-08-13

CVE-2011-1005

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Ruby versions 1.8.6 through 1.8.6-420 Ruby versions 1.8.7 through 1.8.7-330 Ruby version 1.8.8dev

Description The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to s method. This could be used to change an intended pathname.

Recommendations For Ruby versions 1.8.6 through 1.8.6-420, consider updating to a version outside of this range to mitigate the risk. For Ruby versions 1.8.7 through 1.8.7-330, consider updating to a version outside of this range to mitigate the risk. For Ruby version 1.8.8dev, consider avoiding the use of the Exception#to s method until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2011-1005

RHSA-2011:0908

RHSA-2011:0909

RHSA-2011:0910

RHSA-2011_0908

RHSA-2011_0909

RHSA-2011_0910

Produtos afetados

Red Hat

Ruby

PT-2011-2809 · Ruby+1 · Ruby+1

CVE-2011-1005

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32