Ruby eval.c safe_level Restriction Bypass

2005-09-22T20:43:22
ID OSVDB:19610
Type osvdb
Reporter OSVDB
Modified 2005-09-22T20:43:22

Description

Solution Description

Upgrade to version 1.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.ruby-lang.org/ Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1014948 Secunia Advisory ID:17129 Secunia Advisory ID:19130 Secunia Advisory ID:17285 Secunia Advisory ID:17098 Secunia Advisory ID:17335 Secunia Advisory ID:16904 Secunia Advisory ID:17147 RedHat RHSA: RHSA-2005:799 Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml Other Advisory URL: http://www.ubuntu.com/usn/usn-195-1 Other Advisory URL: http://jvn.jp/jp/JVN%2362914675/243894/index.html Other Advisory URL: http://www.debian.org/security/2005/dsa-860 CVE-2005-2337