CERT VU:160012
History: Oct 05, 2005 - 12:00 a.m.

Ruby safe-level security model bypass

2005-10-05 00:00:00
www.kb.cert.org
CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.016 Low
Percentile: 87.3%

Overview

Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied.

Description

Ruby is an object-oriented scripting language that supports execution of untrusted code through two mechanisms: taint flagging and safe levels. Safe levels describe the mode of operation that is allowed on potentially tainted objects. A flaw in eval.c may result in Ruby failing to enforce the safe-level protections, so that arbitrary code is executed without the appropriate and intended security mechanisms applied. Specifically, if the program is passed through standard input (stdin), the safe level may be ignored and hence bypassed.


Impact

An attacker may be able to run arbitrary code without security checks being applied. An application may be designed in such a manner that this results in remote, unauthenticated arbitrary code execution.


Solution

Apply an update

Ruby 1.8.3 is the stable release that addresses this issue. Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the Ruby vulnerability note for the issue.


Vendor Information

Red Hat, Inc.: Affected

Updated: October 18, 2005

Status

Affected

Vendor Statement

This issue affected the Ruby packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updated Ruby packages to correct this issue are available at the URL below and by using the Red Hat Network ‘up2date’ tool.

<http://rhn.redhat.com/errata/RHSA-2005-799.html>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ruby: Affected

Updated: October 05, 2005

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the Ruby vulnerability note for the issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Acknowledgements

Thanks to the Ruby project for reporting this vulnerability, who in turn thank Dr. Yutaka Oiwa, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology for information on the issue.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-2337
Severity Metric: 2.57
Date Public:
