Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0561

The remote host is missing updates announced in
advisory RHSA-2008:0561.

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,
CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2662
BugTraq ID: 29903
Bugtraq: 20080626 rPSA-2008-0206-1 ruby (Google Search)
Debian Security Information: DSA-1612 (Google Search)
Debian Security Information: DSA-1618 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
XForce ISS Database: ruby-rbstrbufappend-code-execution(43345)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2663
XForce ISS Database: ruby-rbarystore-code-execution(43346)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2664
XForce ISS Database: ruby-rbstrformat-code-execution(43348)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2725
XForce ISS Database: ruby-rbarysplice-code-execution(43350)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2726
XForce ISS Database: ruby-rbarysplice-begrlen-code-execution(43351)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2376
Bugtraq: 20080708 rPSA-2008-0218-1 ruby (Google Search)
Cert/CC Advisory: TA08-260A
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.