| |||||||||||||
| Test ID: | 1.3.6.1.4.1.25623.1.0.801375 |
| Category: | Buffer overflow |
| Title: | Ruby 'ARGF.inplace_mode' Buffer Overflow Vulnerability |
| Summary: | Check for the version of Ruby |
| Description: | Overview: This host is installed with Ruby and is prone to buffer overflow vulnerability. Vulnerability Insight: The flaw caused by improper bounds checking when handling filenames on Windows systems. It is not properly validating value assigned to the 'ARGF.inplace_mode' variable. Impact: Successful exploitation will allows local attackers to cause buffer overflow and execute arbitrary code on the system or cause the application to crash. Impact Level: Application. Affected Software: Ruby version 1.9.x before 1.9.1-p429 on Windows. Fix:Upgrade to Ruby version 1.9.1-p429 or later, For updates refer to http://rubyforge.org/frs/?group_id=167 References: http://osvdb.org/66040 http://secunia.com/advisories/40442 http://xforce.iss.net/xforce/xfdb/60135 http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog |
| Cross-Ref: |
BugTraq ID: 41321 Common Vulnerability Exposure (CVE) ID: CVE-2010-2489 http://www.openwall.com/lists/oss-security/2010/07/02/1 http://www.openwall.com/lists/oss-security/2010/07/02/10 http://osdir.com/ml/ruby-talk/2010-07/msg00095.html http://www.securityfocus.com/bid/41321 http://www.osvdb.org/66040 http://secunia.com/advisories/40442 XForce ISS Database: ruby-argfinplacemode-bo(60135) http://xforce.iss.net/xforce/xfdb/60135 |
| Copyright | Copyright (C) 2010 Greenbone Networks GmbH |
| This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois
© 1998-2013 E-Soft Inc. All rights reserved.