CVE-2005-1992 - The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that

CVE-2005-1992

Summary

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

References

Vulnerable Configurations

cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2013-04-29T04:09:03.665-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:10819

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2005:543

rpms

irb-0:1.8.1-7.EL4.1
ruby-0:1.8.1-7.EL4.1
ruby-debuginfo-0:1.8.1-7.EL4.1
ruby-devel-0:1.8.1-7.EL4.1
ruby-docs-0:1.8.1-7.EL4.1
ruby-libs-0:1.8.1-7.EL4.1
ruby-mode-0:1.8.1-7.EL4.1
ruby-tcltk-0:1.8.1-7.EL4.1

refmap via4

apple	APPLE-SA-2005-09-22
auscert	ESB-2005.0732
bid	14016
cert-vn	VU#684913
ciac	P-312
confirm	http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064 http://www2.ruby-lang.org/en/20050701.html
debian	DSA-748
secunia	16920
suse	SUSE-SR:2005:018

Last major update

11-10-2017 - 01:30

Published

20-06-2005 - 04:00

Last modified

11-10-2017 - 01:30