 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.801375 |
| Category: | Buffer overflow |
| Title: | Ruby 'ARGF.inplace_mode' Buffer Overflow Vulnerability |
| Summary: | Ruby is prone to a buffer overflow vulnerability. |
| Description: | Summary: Ruby is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw caused by improper bounds checking when handling filenames on Windows systems. It is not properly validating value assigned to the 'ARGF.inplace_mode' variable. Vulnerability Impact: Successful exploitation will allow local attackers to cause buffer overflow and execute arbitrary code on the system or cause the application to crash. Affected Software/OS: Ruby version 1.9.x before 1.9.1-p429 on Windows. Solution: Upgrade to Ruby version 1.9.1-p429 or later. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-2489 BugTraq ID: 41321 http://www.securityfocus.com/bid/41321 http://www.openwall.com/lists/oss-security/2010/07/02/1 http://www.openwall.com/lists/oss-security/2010/07/02/10 http://osdir.com/ml/ruby-talk/2010-07/msg00095.html http://www.osvdb.org/66040 http://secunia.com/advisories/40442 XForce ISS Database: ruby-argfinplacemode-bo(60135) https://exchange.xforce.ibmcloud.com/vulnerabilities/60135 |
| Copyright | Copyright (C) 2010 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |