Mandriva Linux Security Advisory : ruby (MDVSA-2008:140)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been found in the Ruby interpreter and
in Webrick, the webserver bundled with Ruby.

Directory traversal vulnerability in WEBrick in Ruby 1.9.0 and
earlier, when using NTFS or FAT filesystems, allows remote attackers
to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b
(encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20
(encoded space) character in the URI, possibly related to the
WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new
functionality and the :DocumentRoot option. (CVE-2008-1891)

Multiple integer overflows in the rb_str_buf_append function in Ruby
1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow
context-dependent attackers to execute arbitrary code or cause a
denial of service via unknown vectors that trigger memory corruption.
(CVE-2008-2662)

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4
and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and
1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute
arbitrary code or cause a denial of service via unknown vectors.
(CVE-2008-2663)

The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before
1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0
before 1.9.0-2 allows context-dependent attackers to trigger memory
corruption via unspecified vectors related to alloca. (CVE-2008-2664)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and
earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7
before 1.8.7-p22 allows context-dependent attackers to trigger memory
corruption via unspecified vectors, aka the REALLOC_N variant.
(CVE-2008-2725)

Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and
earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7
before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent
attackers to trigger memory corruption, aka the beg + rlen issue.
(CVE-2008-2726)

Integer overflow in the rb_ary_fill function in array.c in Ruby before
revision 17756 allows context-dependent attackers to cause a denial of
service (crash) or possibly have unspecified other impact via a call
to the Array#fill method with a start (aka beg) argument greater than
ARY_MAX_SIZE. (CVE-2008-2376)

The updated packages have been patched to fix these issues.

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 36689 (mandriva_MDVSA-2008-140.nasl)

Bugtraq ID: 29903
30036

CVE ID: CVE-2008-1891
CVE-2008-2376
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now