Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
BID:29903
Info
Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
| Bugtraq ID: | 29903 |
| Class: | Unknown |
| CVE: |
CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 23 2008 12:00AM |
| Updated: | Apr 13 2015 09:34PM |
| Credit: | Drew Yao of Apple Product Security |
| Vulnerable: |
Yukihiro Matsumoto Ruby 1.9 -1 Yukihiro Matsumoto Ruby 1.9 Yukihiro Matsumoto Ruby 1.8.7 -p21 Yukihiro Matsumoto Ruby 1.8.7 Yukihiro Matsumoto Ruby 1.8.6 -p229 Yukihiro Matsumoto Ruby 1.8.6 -p114 Yukihiro Matsumoto Ruby 1.8.6 Yukihiro Matsumoto Ruby 1.8.5 -p230 Yukihiro Matsumoto Ruby 1.8.5 -p2 Yukihiro Matsumoto Ruby 1.8.5 -p115 Yukihiro Matsumoto Ruby 1.8.5 Yukihiro Matsumoto Ruby 1.8.4 Yukihiro Matsumoto Ruby 1.8.3 Yukihiro Matsumoto Ruby 1.8.2 pre4 Yukihiro Matsumoto Ruby 1.8.2 pre3 Yukihiro Matsumoto Ruby 1.8.2 pre2 Yukihiro Matsumoto Ruby 1.8.2 pre1 Yukihiro Matsumoto Ruby 1.8.2 Yukihiro Matsumoto Ruby 1.8.1 Yukihiro Matsumoto Ruby 1.8 Yukihiro Matsumoto Ruby 1.6.8 Yukihiro Matsumoto Ruby 1.6.7 Yukihiro Matsumoto Ruby 1.6 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 lpia Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise Server 9 SP3 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP2 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise Server 10 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE SUSE Linux Enterprise SDK 10 SP2 SuSE SUSE Linux Enterprise SDK 10 SP1 SuSE SUSE Linux Enterprise SDK 10 SuSE Suse Linux Enterprise Desktop 10 SP2 SuSE Suse Linux Enterprise Desktop 10 SP1 SuSE Suse Linux Enterprise Desktop 10 SuSE SUSE Linux Enterprise 10 SP2 DEBUGINFO SuSE SUSE Linux Enterprise 10 SP1 DEBUGINFO SuSE Linux Desktop 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux 11.0 Slackware Linux -current S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SuSE Linux Open-Xchange 4.1 S.u.S.E. SUSE Linux Enterprise Server RT Solution 10 0 S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 S.u.S.E. openSUSE 10.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 X86 64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 X86 64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 rPath rPath Linux 2 rPath rPath Linux 1 rPath Appliance Platform Linux Service 2 rPath Appliance Platform Linux Service 1 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 Redhat Enterprise Linux 5 Server Redhat Desktop 4.0 Redhat Desktop 3.0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 Gentoo Linux Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.5 |
| Not Vulnerable: |
Yukihiro Matsumoto Ruby 1.9 -2 Yukihiro Matsumoto Ruby 1.8.7 -p22 Yukihiro Matsumoto Ruby 1.8.6 -p230 Yukihiro Matsumoto Ruby 1.8.5 -p231 Apple Mac OS X Server 10.5.4 Apple Mac OS X 10.5.4 |
Discussion
Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
Ruby is prone to multiple vulnerabilities including four integer-overflow issues and an issue caused by insecure memory-allocation use of 'alloca()'.
Successful exploits allow attackers to run arbitrary code in the context of applications implemented with Ruby. Failed exploit attempts may result in denial-of-service conditions.
Ruby is prone to multiple vulnerabilities including four integer-overflow issues and an issue caused by insecure memory-allocation use of 'alloca()'.
Successful exploits allow attackers to run arbitrary code in the context of applications implemented with Ruby. Failed exploit attempts may result in denial-of-service conditions.
Exploit / POC
Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
Solution:
The vendor has released updates. Please see the references for more information.
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.8.1
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre4
Yukihiro Matsumoto Ruby 1.8.2 pre3
Yukihiro Matsumoto Ruby 1.8.5 -p115
Yukihiro Matsumoto Ruby 1.8.5 -p2
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.7
Solution:
The vendor has released updates. Please see the references for more information.
Yukihiro Matsumoto Ruby 1.6
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.6.8
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.1
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.2 pre2
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.2 pre4
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.2 pre3
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.5 -p115
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.5 -p2
-
Yukihiro Matsumoto ruby-1.8.5-p231.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz
Yukihiro Matsumoto Ruby 1.8.6
-
Yukihiro Matsumoto ruby-1.8.6-p230.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz
Yukihiro Matsumoto Ruby 1.8.7
-
Yukihiro Matsumoto ruby-1.8.7-p22.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz
References
Ruby Multiple Array and String Handling Functions Multiple Arbitrary Code Execution Vulnerabilities
References:
References:
- Bugzilla Bug 450821: CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append (Red Hat)
- Bugzilla Bug 450825: CVE-2008-2663 ruby: Integer overflows in rb_ary_store() (Red Hat)
- Bugzilla Bug 450834: CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format( (Red Hat)
- Bugzilla Bug 451821: CVE-2008-2725 ruby: integer overflow in rb_ary_splice() (r (Red Hat)
- Bugzilla Bug 451828: CVE-2008-2726 ruby: integer overflow in rb_ary_splice() (r (Red Hat)
- About the security content of Security Update 2008-004 and Mac OS X 10.5.4 (Apple)
- Arbitrary code execution vulnerabilities (Ruby)
- Ruby Homepage (Yukihiro Matsumoto)
- RHSA-2008:0561-7 Moderate: ruby security update (Red Hat)
- RHSA-2008:0562-5 Moderate: ruby security update (Red Hat)