Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service
source: https://www.securityfocus.com/bid/17645/info Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server. This...
Design/Logic Flaw
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data...
CVE-2006-1931
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data...
CVE-2006-1931
CVE-2006-1931 affects the Ruby XMLRPC/WEBrick server where blocking sockets can cause a DoS by flooding the server with data. Findings from connected advisories show updated Ruby packages patch this issue (e.g., Debian ruby1.8 1.8.2-7sarge4, 1.8.4-3; RHSA-2006:0427/CESA updates). Remediation is t...
Ruby http/xmlrpc server DoS
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data...
Ubuntu 4.10 / 5.04 / 5.10 : sudo vulnerability (USN-235-1)
Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this coul...
Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)
The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploite...
Mandrake Linux Security Advisory : sudo (MDKSA-2005:234)
Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library...
xmameOverflow-ruby.txt
#!/usr/bin/ruby One of the PoC code for xmame "-lang" options. Advisory is based on : http://kerneltrap.org/node/6055 by xwings at mysec dot org url : http://www.mysec.org , new website Tested on : Linux debian24 2.4.27-2-386 #1 Mon May 16 16:47:51 JST 2005 i686 GNU/Linux gcc version 4.0.3 20060104...
USN-235-2: sudo vulnerability
USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges. For referenc...
USN-235-1: sudo vulnerability
Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this coul...
Snort 2.4.2 - Back Orifice Pre-Preprocessor Remote (4)
#!/usr/bin/ruby -w Version 0.1 Public snort 2.4.0 - 2.4.2 Back Orifice Pre-Preprocessor Remote Exploit by xwings at mysec dot org URL : http://www.mysec.org , somebody need to update the page Saying Hi to .... . All the 1337 c0d3r @ pulltheplug.org . Gurus from rubylang @ freenode.net . Skywizard ...
Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue.
Debian DSA-864-1 : ruby1.8 - programming error
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable woody...
RHEL 4 : ruby (RHSA-2005:799)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:799 advisory. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way ruby handles eval statements. It is possible for...
[SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass
Debian Security Advisory DSA 864-1, http://www.debian.org/security/, Martin Schulze, October 13th, 2005, http://www.debian.org/security/faq ...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2005:799-01 Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include...