CVSS2
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score
Confidence: High

EPSS
Percentile: 5.1%

Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby-lang | ruby | 1.9.0-0 | cpe:2.3:a:ruby-lang:ruby:1.9.0-0:*:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.0-1 | cpe:2.3:a:ruby-lang:ruby:1.9.0-1:*:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.0-2 | cpe:2.3:a:ruby-lang:ruby:1.9.0-2:*:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.0-20060415 | cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415:*:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.0-20070709 | cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709:*:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376:*:*:*:*:*:* |
ruby-lang | ruby | 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429:*:*:*:*:*:* |
osdir.com/ml/ruby-talk/2010-07/msg00095.html
secunia.com/advisories/40442
svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog
svn.ruby-lang.org/repos/ruby/tags/v1_9_2_rc1/ChangeLog
www.openwall.com/lists/oss-security/2010/07/02/1
www.openwall.com/lists/oss-security/2010/07/02/10
www.osvdb.org/66040
www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/
www.securityfocus.com/bid/41321
exchange.xforce.ibmcloud.com/vulnerabilities/60135