Computer Security


Ruby restrictions bypass
Published: 15.10.2012
Source:
SecurityVulns ID: 12642
Type: library
Threat Level: 5/10
Description: Modification of untainted strings is possible.
Affected: RUBY : ruby 1.8
CVE: CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.)
 CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.)
Original document: UBUNTU, [USN-1603-1] Ruby vulnerabilities (15.10.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod