ruby -- multiple vulnerabilities in safe level

ID C329712A-6B5B-11DD-9D79-001FC61C2A55
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


The official ruby site reports:

Several vulnerabilities in safe level have been discovereds:.

untrace_var is permitted at safe level 4; $PROGRAM_NAME may be modified at safe level 4; insecure methods may be called at safe level 1-3; syslog operations are permitted at safe level 4; dl doesn't check taintness, so it could allow attackers to call dangerous functions.