Vulnerabilities > CVE-2009-4492 - Unspecified vulnerability in Ruby-Lang Webrick 1.3.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ruby-lang
nessus
exploit available

Summary

WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
2

Exploit-Db

descriptionRuby 1.9.1 WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability. CVE-2009-4492 . Remote exploits for multiple platform
idEDB-ID:33489
last seen2016-02-03
modified2010-01-11
published2010-01-11
reporterevilaliv3
sourcehttps://www.exploit-db.com/download/33489/
titleRuby <= 1.9.1 WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201001-09.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201001-09 (Ruby: Terminal Control Character Injection) Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instance when handling HTTP logs. Impact : A remote attacker could send a specially crafted HTTP request to a WEBrick server to inject arbitrary terminal control characters, possibly resulting in the execution of arbitrary commands, data loss, or other unspecified impact. This could also be used to facilitate other attacks. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id44898
    published2010-02-25
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/44898
    titleGLSA-201001-09 : Ruby: Terminal Control Character Injection
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-900-1.NASL
    descriptionEmmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. (CVE-2009-4124) Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. (CVE-2009-4492) It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10. (CVE-2009-1904). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id44640
    published2010-02-17
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44640
    titleUbuntu 8.10 / 9.04 / 9.10 : ruby1.9 vulnerabilities (USN-900-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-0533.NASL
    descriptionA secrity vulnerability is found on WEBrick module in Ruby currently shipped on Fedora 11 that WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id47190
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47190
    titleFedora 11 : ruby-1.8.6.383-6.fc11 (2010-0533)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0908.NASL
    descriptionFrom Red Hat Security Advisory 2011:0908 : Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68297
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68297
    titleOracle Linux 4 : ruby (ELSA-2011-0908)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0909.NASL
    descriptionFrom Red Hat Security Advisory 2011:0909 : Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id68298
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68298
    titleOracle Linux 5 : ruby (ELSA-2011-0909)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0909.NASL
    descriptionUpdated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55451
    published2011-06-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55451
    titleRHEL 5 : ruby (RHSA-2011:0909)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110628_RUBY_ON_SL5_X.NASL
    descriptionRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61076
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61076
    titleScientific Linux Security Update : ruby on SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0909.NASL
    descriptionUpdated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67085
    published2013-06-29
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67085
    titleCentOS 5 : ruby (CESA-2011:0909)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-017.NASL
    descriptionA vulnerability has been found and corrected in ruby : WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window
    last seen2020-06-01
    modified2020-06-02
    plugin id44061
    published2010-01-20
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44061
    titleMandriva Linux Security Advisory : ruby (MDVSA-2010:017)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110628_RUBY_ON_SL4_X.NASL
    descriptionRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id61075
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61075
    titleScientific Linux Security Update : ruby on SL4.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0908.NASL
    descriptionUpdated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55450
    published2011-06-29
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55450
    titleRHEL 4 : ruby (RHSA-2011:0908)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0908.NASL
    descriptionUpdated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker could use this flaw to cause memory corruption, causing a Ruby application that uses the BigDecimal class to crash or, possibly, execute arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55837
    published2011-08-15
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/55837
    titleCentOS 4 : ruby (CESA-2011:0908)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-110517.NASL
    descriptionThe following several security issues of ruby have been fixed : - A race condition allowing local users to delete arbitrary files. (CVE-2011-1004) - Exception methods could bypass safe mode. (CVE-2011-1005) - webrick does not sanitize non-printable characters in log. (CVE-2009-4492) - A webrick cross-site scripting issue. (CVE-2010-0541) - A memory corruption in the BigDecimal class (CVE-2011-0188)
    last seen2020-06-01
    modified2020-06-02
    plugin id54921
    published2011-05-31
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/54921
    titleSuSE 11.1 Security Update : ruby (SAT Patch Number 4585)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-0530.NASL
    descriptionA secrity vulnerability is found on WEBrick module in Ruby currently shipped on Fedora 12 that WEBrick lets attackers to inject malicious escape sequences to its logs, making it possible for dangerous control characters to be executed on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id47189
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/47189
    titleFedora 12 : ruby-1.8.6.383-6.fc12 (2010-0530)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/85018/log-inject.txt
idPACKETSTORM:85018
last seen2016-12-05
published2010-01-11
reporterFrancesco Ongaro
sourcehttps://packetstormsecurity.com/files/85018/Nginx-Varnish-Cherokee-etc-Log-Injection.html
titleNginx, Varnish, Cherokee, etc Log Injection

Redhat

advisories
  • rhsa
    idRHSA-2011:0908
  • rhsa
    idRHSA-2011:0909
rpms
  • irb-0:1.8.1-16.el4
  • ruby-0:1.8.1-16.el4
  • ruby-debuginfo-0:1.8.1-16.el4
  • ruby-devel-0:1.8.1-16.el4
  • ruby-docs-0:1.8.1-16.el4
  • ruby-libs-0:1.8.1-16.el4
  • ruby-mode-0:1.8.1-16.el4
  • ruby-tcltk-0:1.8.1-16.el4
  • ruby-0:1.8.5-19.el5_6.1
  • ruby-debuginfo-0:1.8.5-19.el5_6.1
  • ruby-devel-0:1.8.5-19.el5_6.1
  • ruby-docs-0:1.8.5-19.el5_6.1
  • ruby-irb-0:1.8.5-19.el5_6.1
  • ruby-libs-0:1.8.5-19.el5_6.1
  • ruby-mode-0:1.8.5-19.el5_6.1
  • ruby-rdoc-0:1.8.5-19.el5_6.1
  • ruby-ri-0:1.8.5-19.el5_6.1
  • ruby-tcltk-0:1.8.5-19.el5_6.1

Statements

contributorTomas Hoger
lastmodified2010-01-21
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4492 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.