ruby -- arbitrary command execution on XMLRPC server

ID 594EB447-E398-11D9-A8BD-000CF18BBE54
Type freebsd
Reporter FreeBSD
Modified 2005-11-06T00:00:00


Nobuhiro IMAI reports:

The default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods("sample"), style security protection. This problem could allow a remote attacker to execute arbitrary commands on the XMLRPC server of libruby.
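The effect of the changed default on a reflection-derived handler interface, as an added example that is not part of the advisory or of Ruby's xmlrpc library. `SampleHandler` and the helper functions are hypothetical; the block compares the method list built with the flag set to false and to true, then shows an explicit allowlist that does not depend on the default.

```ruby
# Added illustration. SampleHandler and the helper names are hypothetical;
# this is not the code of Ruby's xmlrpc library.
class SampleHandler
  def add(a, b)
    a + b
  end

  def echo(msg)
    msg
  end

  private

  # Private, so it is never part of the public interface.
  def audit(msg)
    msg
  end
end

# Names a reflection-based interface would register under a prefix,
# e.g. "sample.add". `inherit` is the flag whose default changed.
def exposed_methods(klass, prefix, inherit)
  klass.public_instance_methods(inherit).map { |m| "#{prefix}.#{m}" }.sort
end

# Names that appear only through inheritance (Object, Kernel, ...).
def inherited_only(klass, prefix)
  exposed_methods(klass, prefix, true) - exposed_methods(klass, prefix, false)
end

# Hardened variant: pass false explicitly and intersect with an allowlist,
# so the exposed set cannot grow when a default or a superclass changes.
def allowlisted_methods(klass, prefix, allow)
  own = klass.public_instance_methods(false)
  (own & allow).map { |m| "#{prefix}.#{m}" }.sort
end

if __FILE__ == $0
  puts "inherit=false: #{exposed_methods(SampleHandler, 'sample', false).inspect}"
  puts "inherit=true adds #{inherited_only(SampleHandler, 'sample').size} inherited names"
  puts "allowlist:     #{allowlisted_methods(SampleHandler, 'sample', [:add]).inspect}"
end
```

Auditing a handler this way before registering it shows exactly which names a client can reach.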