Ubuntu USN-1583-1
Sep 26, 2012 - 12:00 a.m.

Ruby vulnerabilities

2012-09-26 00:00:00
ubuntu.com

AI Score: 6.3 Medium (Confidence: Low)

CVSS2: 5.8 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.011 Low (Percentile: 84.0%)

Releases

  • Ubuntu 12.04

Packages

  • ruby1.9.1 - Interpreter of object-oriented scripting language Ruby

Details

It was discovered that Ruby incorrectly allowed untainted strings to be
modified in protective safe levels. An attacker could use this flaw to bypass
intended access restrictions. (CVE-2011-1005)

John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)

John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a machine-in-the-middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)
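
As an added example (not code from RubyGems or from the Ubuntu advisory), the following Ruby fetcher applies the two checks whose absence CVE-2012-2126 and CVE-2012-2125 describe: certificate verification on every HTTPS hop, and refusal to follow a redirect from HTTPS to HTTP. The names next_hop, fetch, InsecureRedirect and MAX_REDIRECTS are hypothetical and chosen for this example.

```ruby
require "net/http"
require "openssl"
require "uri"

# Hypothetical error class for this example.
class InsecureRedirect < StandardError; end

MAX_REDIRECTS = 5 # assumed limit, not taken from the advisory

# Resolve a Location header against the current URI and refuse any hop
# that leaves HTTPS once the download has started on HTTPS.
def next_hop(current, location)
  target = URI.join(current.to_s, location)
  unless %w[http https].include?(target.scheme)
    raise InsecureRedirect, "unsupported scheme: #{target.scheme}"
  end
  if current.scheme == "https" && target.scheme != "https"
    raise InsecureRedirect, "HTTPS to HTTP downgrade: #{current} -> #{target}"
  end
  target
end

# Fetch a URL, verifying the server certificate on every HTTPS connection
# and applying next_hop to every redirect.
def fetch(url, limit = MAX_REDIRECTS)
  uri = URI.parse(url)
  limit.times do
    http = Net::HTTP.new(uri.host, uri.port)
    if uri.scheme == "https"
      http.use_ssl = true
      http.verify_mode = OpenSSL::SSL::VERIFY_PEER # never VERIFY_NONE
    end
    response = http.request(Net::HTTP::Get.new(uri.request_uri))
    case response
    when Net::HTTPSuccess     then return response.body
    when Net::HTTPRedirection then uri = next_hop(uri, response["location"])
    else raise "unexpected response #{response.code} from #{uri}"
    end
  end
  raise "too many redirects"
end
```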

OS      OS Version  Architecture  Package              Package Version       Filename
Ubuntu  12.04       noarch        libruby1.9.1         < 1.9.3.0-1ubuntu2.2  UNKNOWN
Ubuntu  12.04       noarch        libruby1.9.1-dbg     < 1.9.3.0-1ubuntu2.2  UNKNOWN
Ubuntu  12.04       noarch        libtcltk-ruby1.9.1   < 1.9.3.0-1ubuntu2.2  UNKNOWN
Ubuntu  12.04       noarch        ruby1.9.1            < 1.9.3.0-1ubuntu2.2  UNKNOWN
Ubuntu  12.04       noarch        ruby1.9.1-dev        < 1.9.3.0-1ubuntu2.2  UNKNOWN
