CVE-2005-2337

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).

References

http://jvn.jp/jp/JVN%2362914675/index.html

http://lists.apple.com/archives/security-announce/2006/May/msg00003.html

http://secunia.com/advisories/16904

http://secunia.com/advisories/17094

http://secunia.com/advisories/17098

http://secunia.com/advisories/17129

http://secunia.com/advisories/17147

http://secunia.com/advisories/17285

http://secunia.com/advisories/19130

http://secunia.com/advisories/20077

http://securityreason.com/securityalert/59

http://www.debian.org/security/2005/dsa-860

http://www.debian.org/security/2005/dsa-862

http://www.debian.org/security/2005/dsa-864

http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml

http://www.kb.cert.org/vuls/id/160012

http://www.mandriva.com/security/advisories?name=MDKSA-2005:191

http://www.novell.com/linux/security/advisories/2006_05_sr.html

http://www.redhat.com/support/errata/RHSA-2005-799.html

http://www.ruby-lang.org/en/20051003.html

http://www.securityfocus.com/bid/14909

http://www.securityfocus.com/bid/17951

http://www.securitytracker.com/alerts/2005/Sep/1014948.html

http://www.ubuntu.com/usn/usn-195-1

http://www.us-cert.gov/cas/techalerts/TA06-132A.html

http://www.vupen.com/english/advisories/2006/1779

https://exchange.xforce.ibmcloud.com/vulnerabilities/22360

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564

Details

Source: MITRE

Published: 2005-10-07

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
21860CentOS 3 / 4 : ruby (CESA-2005:799)NessusCentOS Local Security Checks
high
21394FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)NessusFreeBSD Local Security Checks
high
3617Mac OS X Multiple Vulnerabilities (Security Update 2006-003)Nessus Network MonitorOperating System Detection
medium
3616Quicktime < 7.1 on Mac OS X Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
21341Mac OS X Multiple Vulnerabilities (Security Update 2006-003)NessusMacOS X Local Security Checks
critical
20610Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)NessusUbuntu Local Security Checks
high
20609Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)NessusUbuntu Local Security Checks
high
3318Curl < 7.15.1 Multiple Remote OverflowsNessus Network MonitorWeb Clients
critical
3308Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Nessus Network MonitorOperating System Detection
high
20121Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)NessusMandriva Local Security Checks
high
20049RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)NessusRed Hat Local Security Checks
high
20019Debian DSA-864-1 : ruby1.8 - programming errorNessusDebian Local Security Checks
high
3256Curl NTLM Buffer OverflowNessus Network MonitorWeb Clients
medium
3255GNU WGet < 1.10.2 Buffer OverflowNessus Network MonitorWeb Clients
medium
19975GLSA-200510-05 : Ruby: Security bypass vulnerabilityNessusGentoo Local Security Checks
high
19970Debian DSA-862-1 : ruby1.6 - programming errorNessusDebian Local Security Checks
high
19968Debian DSA-860-1 : ruby - programming errorNessusDebian Local Security Checks
high
3505ClamAV < 0.88.1 Multiple Vulnerabilities (deprecated)Nessus Network MonitorWeb Clients
medium
801390Curl NTLM Buffer OverflowLog Correlation EngineWeb Clients
high
801386Curl <= 7.15.0 Multiple Remote OverflowsLog Correlation EngineWeb Clients
high
801197Quicktime < 7.1 on Mac OS X Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800798Mac OS X Multiple Vulnerabilities (Security Update 2005-009)Log Correlation EngineOperating System Detection
high