RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated ruby packages that fix an arbitrary command execution issue
are now available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

[Updated 25 Oct 2005] Errata has been updated to include missing
packages for Red Hat Enterprise Linux 3.

Ruby is an interpreted scripting language for object-oriented

A bug was found in the way ruby handles eval statements. A malicious
script can call eval in a way that bypasses certain safe-level
restrictions. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-2337 to this issue.

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20049

Bugtraq ID: 14909

CVE ID: CVE-2005-2337