The XMLRPC server in utils.rb for the Ruby library (libruby) 1.8 sets an invalid default value that prevents “security protection” using handlers, which allows remote attackers to execute arbitrary commands.
blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237
bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
secunia.com/advisories/16920/
www.auscert.org.au/5509
www.ciac.org/ciac/bulletins/p-312.shtml
www.debian.org/security/2005/dsa-748
www.kb.cert.org/vuls/id/684913
www.novell.com/linux/security/advisories/2005_18_sr.html
www.redhat.com/support/errata/RHSA-2005-543.html
www.securityfocus.com/bid/14016
www2.ruby-lang.org/en/20050701.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819