Vulnerabilities > CVE-2005-2337 - Unspecified vulnerability in Yukihiro Matsumoto Ruby
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-195-1.NASL description The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploited to execute Ruby code beyond the restrictions specified in each safe level. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20609 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20609 title Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-799.NASL description Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue. Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 20049 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20049 title RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-864.NASL description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1 last seen 2020-06-01 modified 2020-06-02 plugin id 20019 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20019 title Debian DSA-864-1 : ruby1.8 - programming error NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2006-003.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2006-003. This security update contains fixes for the following applications : AppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari last seen 2020-06-01 modified 2020-06-02 plugin id 21341 published 2006-05-12 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21341 title Mac OS X Multiple Vulnerabilities (Security Update 2006-003) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1DAEA60A471911DAB5C60004614CC33D.NASL description Ruby home page reports : The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms : safe level and taint flag on objects. A vulnerability has been found that allows bypassing these mechanisms. By using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code. last seen 2020-06-01 modified 2020-06-02 plugin id 21394 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21394 title FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-191.NASL description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 20121 published 2005-11-02 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20121 title Mandrake Linux Security Advisory : ruby (MDKSA-2005:191) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-862.NASL description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1 last seen 2020-06-01 modified 2020-06-02 plugin id 19970 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19970 title Debian DSA-862-1 : ruby1.6 - programming error NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-196-1.NASL description Ulf Harnhammar discovered a format string vulnerability in the CDDB module last seen 2020-06-01 modified 2020-06-02 plugin id 20610 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20610 title Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-860.NASL description Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions : old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1 last seen 2020-06-01 modified 2020-06-02 plugin id 19968 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19968 title Debian DSA-860-1 : ruby - programming error NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200510-05.NASL description The remote host is affected by the vulnerability described in GLSA-200510-05 (Ruby: Security bypass vulnerability) Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. Impact : An attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19975 published 2005-10-11 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19975 title GLSA-200510-05 : Ruby: Security bypass vulnerability NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-799.NASL description Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. [Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue. Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21860 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21860 title CentOS 3 / 4 : ruby (CESA-2005:799)
Oval
accepted | 2013-04-29T04:06:43.465-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:10564 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://jvn.jp/jp/JVN%2362914675/index.html
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/16904
- http://secunia.com/advisories/17094
- http://secunia.com/advisories/17098
- http://secunia.com/advisories/17129
- http://secunia.com/advisories/17147
- http://secunia.com/advisories/17285
- http://secunia.com/advisories/19130
- http://secunia.com/advisories/20077
- http://securityreason.com/securityalert/59
- http://www.debian.org/security/2005/dsa-860
- http://www.debian.org/security/2005/dsa-862
- http://www.debian.org/security/2005/dsa-864
- http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml
- http://www.kb.cert.org/vuls/id/160012
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:191
- http://www.novell.com/linux/security/advisories/2006_05_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-799.html
- http://www.ruby-lang.org/en/20051003.html
- http://www.securityfocus.com/bid/14909
- http://www.securityfocus.com/bid/17951
- http://www.securitytracker.com/alerts/2005/Sep/1014948.html
- http://www.ubuntu.com/usn/usn-195-1
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22360
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564