Ruby includes a vulnerable default value that may be used to bypass security restrictions and execute arbitrary code.
Ruby is vulnerable to an attack on applications using the XML-RPC services via XMLRPC.iPIMethods, due to an insecure default value in utils.rb. Any program or application using the XML-RPC services provided by XMLRPC.iPIMethods may be affected. Because the vulnerability occurs in code that is typically used to provide remote services, it may allow a remote attacker to execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply an update
Please see the Ruby XMLRPC.iPIMethods Vulnerability note for more information, or contact your vendor for an update.
Vendor | Status | Date Notified | Date Updated
Red Hat, Inc. | | - | 18 Oct 2005
Ruby | | - | 03 Oct 2005
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
Thanks to Nobuhiro IMAI for reporting this vulnerability.
This document was written by Ken MacInnis.