7.5

CVE-2008-3657

Exploit
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ruby-langRuby Version <= 1.8.5
Ruby-langRuby Version1.6.8
Ruby-langRuby Version1.8.0
Ruby-langRuby Version1.8.1
Ruby-langRuby Version1.8.1 Update-9
Ruby-langRuby Version1.8.2
Ruby-langRuby Version1.8.2 Updatepreview2
Ruby-langRuby Version1.8.2 Updatepreview3
Ruby-langRuby Version1.8.2 Updatepreview4
Ruby-langRuby Version1.8.3
Ruby-langRuby Version1.8.3 Updatepreview1
Ruby-langRuby Version1.8.3 Updatepreview2
Ruby-langRuby Version1.8.3 Updatepreview3
Ruby-langRuby Version1.8.4
Ruby-langRuby Version1.8.4 Updatepreview1
Ruby-langRuby Version1.8.4 Updatepreview2
Ruby-langRuby Version1.8.4 Updatepreview3
Ruby-langRuby Version1.8.5 Updatep11
Ruby-langRuby Version1.8.5 Updatep113
Ruby-langRuby Version1.8.5 Updatep115
Ruby-langRuby Version1.8.5 Updatep12
Ruby-langRuby Version1.8.5 Updatep2
Ruby-langRuby Version1.8.5 Updatep35
Ruby-langRuby Version1.8.5 Updatepreview1
Ruby-langRuby Version1.8.5 Updatepreview2
Ruby-langRuby Version1.8.5 Updatepreview3
Ruby-langRuby Version1.8.5 Updatepreview4
Ruby-langRuby Version1.8.5 Updatepreview5
Ruby-langRuby Version1.8.6
Ruby-langRuby Version1.8.6 Updatep110
Ruby-langRuby Version1.8.6 Updatep114
Ruby-langRuby Version1.8.6 Updatepreview1
Ruby-langRuby Version1.8.6 Updatepreview2
Ruby-langRuby Version1.8.6 Updatepreview3
Ruby-langRuby Version1.8.7
Ruby-langRuby Version1.8.7 Updatep17
Ruby-langRuby Version1.8.7 Updatep22
Ruby-langRuby Version1.8.7 Updatep71
Ruby-langRuby Version1.8.7 Updatepreview1
Ruby-langRuby Version1.8.7 Updatepreview2
Ruby-langRuby Version1.8.7 Updatepreview3
Ruby-langRuby Version1.8.7 Updatepreview4
Ruby-langRuby Version1.9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.67% 0.96
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
Vendor Advisory
http://support.apple.com/kb/HT3549
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Vendor Advisory
http://secunia.com/advisories/32371
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0897.html
http://secunia.com/advisories/33178
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
http://secunia.com/advisories/31430
Vendor Advisory
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
http://www.vupen.com/english/advisories/2008/2334
Vendor Advisory
http://secunia.com/advisories/32219
Vendor Advisory
https://usn.ubuntu.com/651-1/
http://secunia.com/advisories/31697
Vendor Advisory
http://secunia.com/advisories/32165
Vendor Advisory
http://secunia.com/advisories/32255
Vendor Advisory
http://secunia.com/advisories/32256
Vendor Advisory
http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264
http://www.debian.org/security/2008/dsa-1651
http://www.debian.org/security/2008/dsa-1652
http://www.securityfocus.com/archive/1/495884/100/0/threaded
http://www.securityfocus.com/bid/30644
Patch
Exploit
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
http://www.securitytracker.com/id?1020652
https://exchange.xforce.ibmcloud.com/vulnerabilities/44372
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793