Ruby '#to_s' Security Bypass Vulnerability Network Vulnerability

Summary

This host is installed with Ruby and is prone to security bypass vulnerability.

Impact

Successful exploitation allows attackers to bypass certain security restrictions and perform unauthorized actions. Impact Level: Application.

Solution

Upgrade to Ruby version 1.8.7-334 or later For updates refer to http://rubyforge.org/frs/?group_id=167

Insight

The flaw is due to the error in 'Exception#to_s' method, which trick safe level mechanism and destructively modifies an untaitned string to be tainted.

Affected

Ruby version 1.8.6 through 1.8.6 patchlevel 420 Ruby version 1.8.7 through 1.8.7 patchlevel 330 Ruby version 1.8.8dev

References

http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
https://bugzilla.redhat.com/show_bug.cgi?id=678920

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1005
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe Reader Multiple Vulnerabilities - Aug07 (Windows)
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
Apple Safari Secure Cookie Security Bypass Vulnerability (Windows)

Take action and discover your vulnerabilities