Vulnerability Name: CVE-2005-2337 (CCN-22360)
Assigned: 2005-09-21
Published: 2005-09-21
Updated: 2017-10-11
Summary: Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
  Source: CCN Type: Ruby FTP Web page ruby-1.8.3
  Source: MITRE Type: CNA CVE-2005-2337
  Source: MISC Type: UNKNOWN http://jvn.jp/jp/JVN%2362914675/index.html
  Source: APPLE Type: UNKNOWN APPLE-SA-2006-05-11
  Source: CCN Type: RHSA-2005-799 ruby security update
  Source: CCN Type: SA16904 Ruby Safe-Level Security Bypass and Server Classes Denial of Service
  Source: SECUNIA Type: Patch, Vendor Advisory 16904
  Source: SECUNIA Type: UNKNOWN 17094
  Source: SECUNIA Type: Vendor Advisory 17098
  Source: SECUNIA Type: Vendor Advisory 17129
  Source: SECUNIA Type: Vendor Advisory 17147
  Source: SECUNIA Type: Vendor Advisory 17285
  Source: SECUNIA Type: Vendor Advisory 19130
  Source: CCN Type: SA20077 Mac OS X Security Update Fixes Multiple Vulnerabilities
  Source: SECUNIA Type: Vendor Advisory 20077
  Source: SREASON Type: UNKNOWN 59
  Source: CCN Type: SECTRACK ID: 1014948 Ruby State Error May Let Users Bypass Safe Level Restrictions
  Source: DEBIAN Type: UNKNOWN DSA-860
  Source: DEBIAN Type: UNKNOWN DSA-862
  Source: DEBIAN Type: Vendor Advisory DSA-864
  Source: DEBIAN Type: DSA-860 ruby -- programming error
  Source: DEBIAN Type: DSA-862 ruby1.6 -- programming error
  Source: DEBIAN Type: DSA-864 ruby1.8 -- programming error
  Source: CCN Type: GLSA-200510-05 Ruby: Security bypass vulnerability
  Source: GENTOO Type: UNKNOWN GLSA-200510-05
  Source: CCN Type: US-CERT VU#160012 Ruby safe-level security model bypass
  Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#160012
  Source: MANDRIVA Type: Vendor Advisory MDKSA-2005:191
  Source: SUSE Type: UNKNOWN SUSE-SR:2006:005
  Source: REDHAT Type: UNKNOWN RHSA-2005:799
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.ruby-lang.org/en/20051003.html
  Source: BID Type: UNKNOWN 14909
  Source: CCN Type: BID-14909 Yukihiro Matsumoto Ruby SAFE Level Restriction Bypass Vulnerability
  Source: BID Type: UNKNOWN 17951
  Source: CCN Type: BID-17951 Apple Mac OS X Security Update 2006-003 Multiple Vulnerabilities
  Source: SECTRACK Type: UNKNOWN 1014948
  Source: CCN Type: USN-195-1 Ruby vulnerability
  Source: UBUNTU Type: UNKNOWN USN-195-1
  Source: CERT Type: US Government Resource TA06-132A
  Source: VUPEN Type: UNKNOWN ADV-2006-1779
  Source: XF Type: UNKNOWN ruby-eval-security-bypass(22360)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10564
  Source: SUSE Type: SUSE-SR:2006:005 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Denotes that component is vulnerable