Lucene search

K

[email protected]CVE-2012-4466

HistoryApr 25, 2013 - 11:55 p.m.

CVE-2012-4466

2013-04-2523:55:00

CWE-264

[email protected]

web.nvd.nist.gov

47

cve-2012-4466

ruby

security

bypass

safe-level restrictions

vulnerability

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

CPENameOperatorVersion
ruby-lang:rubyruby-lang rubyeq1.8.7
ruby-lang:rubyruby-lang rubyeq2.0.0
ruby-lang:rubyruby-lang rubyeq2.0
ruby-lang:rubyruby-lang rubyeq1.9.3

References

lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html

lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html

svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068

www.mandriva.com/security/advisories?name=MDVSA-2013:124

www.openwall.com/lists/oss-security/2012/10/02/4

www.openwall.com/lists/oss-security/2012/10/03/9

www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/

bugzilla.redhat.com/show_bug.cgi?id=862614

wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

Related for CVE-2012-4466

prion4 nessus46 openvas65 seebug1 ubuntucve4 amazon2 rubygems4 cve3 veracode4 fedora9 ubuntu6 freebsd1 securityvulns5 redhat6 centos4 oraclelinux4 gentoo1