Ruby 'ARGF.inplace_mode' Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with Ruby and is prone to buffer overflow vulnerability.

Impact

Successful exploitation will allows local attackers to cause buffer overflow and execute arbitrary code on the system or cause the application to crash. Impact Level: Application.

Solution

Upgrade to Ruby version 1.9.1-p429 or later, For updates refer to http://rubyforge.org/frs/?group_id=167

Insight

The flaw caused by improper bounds checking when handling filenames on Windows systems. It is not properly validating value assigned to the 'ARGF.inplace_mode' variable.

Affected

Ruby version 1.9.x before 1.9.1-p429 on Windows.

References

http://osvdb.org/66040
http://secunia.com/advisories/40442
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_1_429/ChangeLog
http://xforce.iss.net/xforce/xfdb/60135

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2489
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
Cscope putstring Multiple Buffer Overflow vulnerability
avast! Multiple Vulnerabilities - Oct09 (Win)
Audacity Buffer Overflow Vulnerability (Linux)

Take action and discover your vulnerabilities