CVE-2012-4481

medium

Description

The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005.

References

http://rhn.redhat.com/errata/RHSA-2013-0129.html

http://rhn.redhat.com/errata/RHSA-2013-0612.html

http://www.mandriva.com/security/advisories?name=MDVSA-2013:124

http://www.openwall.com/lists/oss-security/2012/10/05/4

https://bugzilla.redhat.com/show_bug.cgi?id=863484

https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294

Details

Source: MITRE

Published: 2013-05-02

Updated: 2014-02-12

Type: CWE-264

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 80755 | Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues) | Nessus | Solaris Local Security Checks | medium |
| 79980 | GLSA-201412-27 : Ruby: Denial of Service | Nessus | Gentoo Local Security Checks | high |
| 69732 | Amazon Linux AMI : ruby (ALAS-2013-173) | Nessus | Amazon Linux Local Security Checks | medium |
| 68782 | Oracle Linux 6 : ruby (ELSA-2013-0612) | Nessus | Oracle Linux Local Security Checks | medium |
| 68700 | Oracle Linux 5 : ruby (ELSA-2013-0129) | Nessus | Oracle Linux Local Security Checks | medium |
| 66136 | Mandriva Linux Security Advisory : ruby (MDVSA-2013:124) | Nessus | Mandriva Local Security Checks | medium |
| 65166 | CentOS 6 : ruby (CESA-2013:0612) | Nessus | CentOS Local Security Checks | medium |
| 65094 | Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307) | Nessus | Scientific Linux Local Security Checks | medium |
| 65085 | RHEL 6 : ruby (RHSA-2013:0612) | Nessus | Red Hat Local Security Checks | medium |
| 63603 | Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108) | Nessus | Scientific Linux Local Security Checks | medium |
| 63574 | CentOS 5 : ruby (CESA-2013:0129) | Nessus | CentOS Local Security Checks | medium |
| 63410 | RHEL 5 : ruby (RHSA-2013:0129) | Nessus | Red Hat Local Security Checks | medium |
| 62660 | Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2) | Nessus | Ubuntu Local Security Checks | medium |
| 62497 | Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ruby1.8 vulnerabilities (USN-1603-1) | Nessus | Ubuntu Local Security Checks | medium |