PT-2017-4790 · Ruby+2 · Ruby+2
Adam Mariš
·
Publicado
2015-10-05
·
Atualizado
2018-03-28
·
CVE-2009-5147
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Ruby versions 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8
Description:
The issue concerns the DL::dlopen function in Ruby, which opens libraries with tainted names. This could potentially lead to security issues, but specific details about the estimated number of affected devices or real-world incidents are not provided.
Recommendations:
For Ruby version 1.8, update to a version with the fix.
For Ruby version 1.9.0, update to a version with the fix.
For Ruby version 1.9.2, update to a version with the fix.
For Ruby version 1.9.3, update to a version with the fix.
For Ruby version 2.0.0 before patchlevel 648, update to patchlevel 648 or later.
For Ruby version 2.1 before 2.1.8, update to version 2.1.8 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Ruby
Ubuntu