CVE-2005-2337 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2005-2337
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2337

Description: Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/22360 UBUNTU http://www.ubuntu.com/usn/usn-195-1 SUSE http://www.novell.com/linux/security/advisories/2006_05_sr.html ST 1014948 SREASON http://securityreason.com/securityalert/59 SAID Secunia Advisory: SA16904 Secunia Advisory: SA17094 Secunia Advisory: SA17129 Secunia Advisory: SA17147 Secunia Advisory: SA17285 Secunia Advisory: SA19130 Secunia Advisory: SA17098 Secunia Advisory: SA20077 REDHAT http://www.redhat.com/support/errata/RHSA-2005-799.html MISC http://jvn.jp/jp/JVN%2362914675/index.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2005:191 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml DEBIAN http://www.debian.org/security/2005/dsa-864 http://www.debian.org/security/2005/dsa-862 http://www.debian.org/security/2005/dsa-860 CONFIRM http://www.ruby-lang.org/en/20051003.html CERT-VN 160012 CERT http://www.us-cert.gov/cas/techalerts/TA06-132A.html BID 17951 14909 APPLE http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

Return to the previous page.