PT-2009-3283 · Ruby+1

Kurt Roeckx · Published 2009-02-18 · Updated 2017-09-29 · CVE-2009-0642

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Ruby versions 1.8 and 1.9

Description: The issue is an improper check of the return value of the OCSP_basic_verify function in the ext/openssl/ossl_ocsp.c file. This could allow remote attackers to present an invalid X.509 certificate, possibly involving a revoked certificate.

Recommendations: For Ruby versions 1.8 and 1.9, update to a version that properly checks the return value from the OCSP_basic_verify function.
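The class of return-value check described above, as an added illustration (not Ruby's own source code). OpenSSL's OCSP_basic_verify returns 1 on success, 0 on verification failure and a negative value on a fatal error; `stub_basic_verify`, the scenario names and both `accept_*` functions are hypothetical stand-ins so the example runs without OpenSSL.

```c
#include <stdio.h>

/* Stand-in for OpenSSL's OCSP_basic_verify(), which returns 1 on success,
 * 0 on verification failure and a negative value on a fatal error.
 * Hypothetical stub: the scenario argument selects the return value so the
 * example runs without OpenSSL or any certificates. */
enum scenario { RESPONSE_VALID, RESPONSE_BAD_SIGNATURE, RESPONSE_FATAL_ERROR };

static int stub_basic_verify(enum scenario s)
{
    switch (s) {
    case RESPONSE_VALID:         return 1;
    case RESPONSE_BAD_SIGNATURE: return 0;
    default:                     return -1;
    }
}

/* Flawed pattern: any non-zero result counts as "verified", so the
 * negative error return is accepted as success. */
int accept_truthy(enum scenario s)
{
    int result = stub_basic_verify(s);
    return result ? 1 : 0;
}

/* Hardened pattern: only a strictly positive result counts as "verified";
 * failure (0) and fatal error (< 0) both reject. */
int accept_strict(enum scenario s)
{
    int result = stub_basic_verify(s);
    return result > 0 ? 1 : 0;
}

int main(void)
{
    static const char *names[] = { "valid", "bad signature", "fatal error" };
    for (int s = RESPONSE_VALID; s <= RESPONSE_FATAL_ERROR; s++)
        printf("%-14s truthy=%d strict=%d\n", names[s],
               accept_truthy((enum scenario)s), accept_strict((enum scenario)s));
    return 0;
}
```

When auditing other callers of tri-state verification functions, look for results used directly as a boolean and replace them with an explicit `> 0` (or `== 1`) comparison.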

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2009-0642
DSA-1860-1
RHSA-2009:1140
RHSA-2009_1140

Affected Products

Red Hat
Ruby