RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated ruby packages that fix an arbitrary command execution issue
are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

[Updated 25 Oct 2005] Errata has been updated to include missing
packages for Red Hat Enterprise Linux 3.

Ruby is an interpreted scripting language for object-oriented
programming.

A bug was found in the way ruby handles eval statements. A malicious
script can call eval in a way that allows certain safe-level
restrictions to be bypassed. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CVE-2005-2337 to this
issue.

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-2337.html
http://rhn.redhat.com/errata/RHSA-2005-799.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20049

Bugtraq ID:

CVE ID: CVE-2005-2337