ID CVE-2005-2337
Summary Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.1
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.2
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.3
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.4
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.5
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.6
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.7
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre1
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre2
CVSS
Base: 7.5 (as of 10-10-2005 - 16:12)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-860.NASL
    description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:
                old stable (woody)   stable (sarge)   unstable (sid)
      ruby      1.6.7-3woody5        n/a              n/a
      ruby1.6   n/a                  1.6.8-12sarge1   1.6.8-13
      ruby1.8   n/a                  1.8.2-7sarge2    1.8.3-1
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19968
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19968
    title Debian DSA-860-1 : ruby - programming error
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-799.NASL
    description Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue. Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20049
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20049
    title RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200510-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200510-05 (Ruby: Security bypass vulnerability). Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. Impact: An attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 19975
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19975
    title GLSA-200510-05 : Ruby: Security bypass vulnerability
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-191.NASL
    description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20121
    published 2005-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20121
    title Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-196-1.NASL
    description Ulf Harnhammar discovered a format string vulnerability in the CDDB module's cache file handling in the Xine library, which is used by packages such as xine-ui, totem-xine, and gxine. By tricking a user into playing a particular audio CD which has a specially crafted CDDB entry, a remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user running the application. Since CDDB servers usually allow anybody to add and modify information, this exploit does not even require a particular CDDB server to be selected. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 20610
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20610
    title Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1DAEA60A471911DAB5C60004614CC33D.NASL
    description Ruby home page reports: The Object Oriented Scripting Language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. A vulnerability has been found that allows bypassing these mechanisms. By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21394
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21394
    title FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-799.NASL
    description Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue. Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21860
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21860
    title CentOS 3 / 4 : ruby (CESA-2005:799)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2006-003.NASL
    description The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications: AppKit, ImageIO, BOM, CFNetwork, ClamAV (Mac OS X Server only), CoreFoundation, CoreGraphics, Finder, FTPServer, Flash Player, Keychain, LaunchServices, libcurl, Mail, MySQL Manager (Mac OS X Server only), Preview, QuickDraw, QuickTime Streaming Server, Ruby, Safari
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 21341
    published 2006-05-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21341
    title Mac OS X Multiple Vulnerabilities (Security Update 2006-003)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-862.NASL
    description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:
                old stable (woody)   stable (sarge)   unstable (sid)
      ruby      1.6.7-3woody5        n/a              n/a
      ruby1.6   n/a                  1.6.8-12sarge1   1.6.8-13
      ruby1.8   n/a                  1.8.2-7sarge2    1.8.3-1
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19970
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19970
    title Debian DSA-862-1 : ruby1.6 - programming error
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-195-1.NASL
    description The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploited to execute Ruby code beyond the restrictions specified in each safe level. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20609
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20609
    title Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-864.NASL
    description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:
                old stable (woody)   stable (sarge)   unstable (sid)
      ruby      1.6.7-3woody5        n/a              n/a
      ruby1.6   n/a                  1.6.8-12sarge1   1.6.8-13
      ruby1.8   n/a                  1.8.2-7sarge2    1.8.3-1
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 20019
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20019
    title Debian DSA-864-1 : ruby1.8 - programming error
oval via4
accepted 2013-04-29T04:06:43.465-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
family unix
id oval:org.mitre.oval:def:10564
status accepted
submitted 2010-07-09T03:56:16-04:00
title Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
version 23
redhat via4
advisories
rhsa
id RHSA-2005:799
refmap via4
apple APPLE-SA-2006-05-11
bid
  • 14909
  • 17951
cert TA06-132A
cert-vn VU#160012
confirm http://www.ruby-lang.org/en/20051003.html
debian
  • DSA-860
  • DSA-862
  • DSA-864
gentoo GLSA-200510-05
mandriva MDKSA-2005:191
misc http://jvn.jp/jp/JVN%2362914675/index.html
sectrack 1014948
secunia
  • 16904
  • 17094
  • 17098
  • 17129
  • 17147
  • 17285
  • 19130
  • 20077
sreason 59
suse SUSE-SR:2006:005
ubuntu USN-195-1
vupen ADV-2006-1779
xf ruby-eval-security-bypass(22360)
Last major update 07-03-2011 - 21:24
Published 07-10-2005 - 19:02
Last modified 10-10-2017 - 21:30