PT-2017-4790 · Ruby+2 · Ruby+2
Adam Mariš
·
Published
2015-10-05
·
Updated
2018-03-28
·
CVE-2009-5147
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Ruby versions 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8
Description:
The issue concerns the DL::dlopen function in Ruby, which opens libraries with tainted names. This could potentially lead to security issues, but specific details about the estimated number of affected devices or real-world incidents are not provided.
Recommendations:
For Ruby version 1.8, update to a version with the fix.
For Ruby version 1.9.0, update to a version with the fix.
For Ruby version 1.9.2, update to a version with the fix.
For Ruby version 1.9.3, update to a version with the fix.
For Ruby version 2.0.0 before patchlevel 648, update to patchlevel 648 or later.
For Ruby version 2.1 before 2.1.8, update to version 2.1.8 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Ruby
Ubuntu