Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2008:0562

The remote host is missing updates announced in
advisory RHSA-2008:0562.

Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725,

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. A remote attacker could send a specially crafted request and
cause the Ruby CGI script to enter an infinite loop, possibly causing a
denial of service. (CVE-2006-6303)

Users of Ruby should upgrade to these updated packages, which contain a
backported patches to resolve these issues.

Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

Risk factor : Critical

CVSS Score:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2663
BugTraq ID: 29903
Bugtraq: 20080626 rPSA-2008-0206-1 ruby (Google Search)
Debian Security Information: DSA-1612 (Google Search)
Debian Security Information: DSA-1618 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:017 (Google Search)
XForce ISS Database: ruby-rbarystore-code-execution(43346)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2664
XForce ISS Database: ruby-rbstrformat-code-execution(43348)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2725
XForce ISS Database: ruby-rbarysplice-code-execution(43350)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2726
XForce ISS Database: ruby-rbarysplice-begrlen-code-execution(43351)
Common Vulnerability Exposure (CVE) ID: CVE-2006-6303
BugTraq ID: 21441
SuSE Security Announcement: SUSE-SR:2007:004 (Google Search)
XForce ISS Database: ruby-cgi-library-dos(30734)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2376
Bugtraq: 20080708 rPSA-2008-0218-1 ruby (Google Search)
Cert/CC Advisory: TA08-260A
CopyrightCopyright (c) 2008 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.