4940 matches found
[SA16904] Ruby Safe-Level Security Bypass Vulnerability
Mac OS X Multiple Vulnerabilities (Security Update 2005-008)
The remote host is running Apple Mac OS X, but lacks Security Update 2005-008. This security update contains fixes for the following applications: ImageIO, LibSystem, Mail, QuickDraw, Ruby, SecurityAgent, securityd.
JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox
Impact An attacker could possibly execute an arbitrary script. Solution Products Affected Ruby 1.8.2 and earlier...
RHEL 4 : ruby (RHSA-2005:543)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2005:543 advisory. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2005:543 Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-orient...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby...
FreeBSD : ruby -- arbitrary command execution on XMLRPC server (594eb447-e398-11d9-a8bd-000cf18bbe54)
Nobuhiro IMAI reports: the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods('sample'), MyHandler.new) style security protection. This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby...
FreeBSD : ruby (2119)
The following package needs to be updated: ruby
Mandrake Linux Security Advisory : ruby (MDKSA-2005:118)
A vulnerability was discovered in ruby version 1.8 that could allow for the execution of arbitrary commands on a server running the ruby xmlrpc server. The updated packages have been patched to address this issue.
GLSA-200507-10 : Ruby: Arbitrary command execution through XML-RPC
The remote host is affected by the vulnerability described in GLSA-200507-10 (Ruby: Arbitrary command execution through XML-RPC). Nobuhiro IMAI reported that an invalid default value in 'utils.rb' causes the security protections of the XML-RPC server to fail. Impact: A remote attacker could exploit...
Ruby: Arbitrary command execution through XML-RPC
Background: Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description: Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
Fedora Core 4 : ruby-1.8.2-7.fc4.2 (2005-475)
Wed Jun 22 2005 Akira TAGOH - 1.8.2-7.fc4.2 - ruby-1.8.2-xmlrpc-CVE-2005-1992.patch: fixed the arbitrary command execution on XMLRPC server. 161096 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
[SA15767] Ruby XMLRPC Server Arbitrary Command Execution
Ruby XML-RPC Remote Arbitrary Command Execution
The XMLRPC server in utils.rb for the ruby library libruby 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands...
CVE-2004-0983
Ruby CGI module vulnerability CVE-2004-0983 allows remote denial of service via a crafted HTTP request. Affected are Ruby 1.6 up to 1.6.7 and Ruby 1.8 up to 1.8.1 (i.e., versions before 1.6.8 and before 1.8.2). The issue is described as causing an infinite loop and CPU consumption. Remediation is...
Fedora Core 2 : ruby-1.8.1-6.FC2.0 (2004-402)
Thu Nov 11 2004 Akira TAGOH - 1.8.1-6.FC2.0 - security fix CVE-2004-0983 - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. 138366 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted...
Ruby: Denial of Service issue
Background: Ruby is an interpreted scripting language for quick and easy object-oriented programming. Ruby's CGI module can be used to build web applications. Description: Ruby's developers found and fixed an issue in the CGI module that can be triggered remotely and cause an infinite loop. Impact: ...
Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)
Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI::Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CVE-2004-0755). The ruby developers have corrected a problem in the ruby CGI...
Debian DSA-537-1 : ruby - insecure file permissions
Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session's FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This c...
CVE-2004-0755
The CVE concerns Ruby CGI::Session FileStore creating session files with insecure permissions, enabling local users to read session data and hijack sessions. Technical details across connected docs confirm: FileStore writes session files with improper permissions, enabling a local information lea...