Lucene search
RedHatRHSA-2005:543HistoryAug 05, 2005 - 12:00 a.m.
(RHSA-2005:543) ruby security update
2005-08-0500:00:00
access.redhat.com
22
EPSS
0.036
Percentile
91.7%
Ruby is an interpreted scripting language for object-oriented programming.
A bug was found in the way Ruby launched an XMLRPC server. If an XMLRPC
server is launched in a certain way, it becomes possible for a remote
attacker to execute arbitrary commands within the XMLRPC server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-1992 to this issue.
Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | s390 | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.s390.rpm |
| RedHat | any | i386 | ruby | < 1.8.1-7.EL4.1 | ruby-1.8.1-7.EL4.1.i386.rpm |
| RedHat | any | ppc | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.ppc.rpm |
| RedHat | any | i386 | ruby-devel | < 1.8.1-7.EL4.1 | ruby-devel-1.8.1-7.EL4.1.i386.rpm |
| RedHat | any | ia64 | ruby-docs | < 1.8.1-7.EL4.1 | ruby-docs-1.8.1-7.EL4.1.ia64.rpm |
| RedHat | any | x86_64 | ruby-devel | < 1.8.1-7.EL4.1 | ruby-devel-1.8.1-7.EL4.1.x86_64.rpm |
| RedHat | any | ia64 | ruby-tcltk | < 1.8.1-7.EL4.1 | ruby-tcltk-1.8.1-7.EL4.1.ia64.rpm |
| RedHat | any | ppc | ruby-mode | < 1.8.1-7.EL4.1 | ruby-mode-1.8.1-7.EL4.1.ppc.rpm |
| RedHat | any | ppc | ruby-libs | < 1.8.1-7.EL4.1 | ruby-libs-1.8.1-7.EL4.1.ppc.rpm |
| RedHat | any | ppc | ruby-docs | < 1.8.1-7.EL4.1 | ruby-docs-1.8.1-7.EL4.1.ppc.rpm |
Related
cert
cert
Ruby library contains vulnerable default value
2005-10-03 00:00:00
openvas
openvas
FreeBSD Ports: ruby, ruby_static
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200507-10 (ruby)
2008-09-24 00:00:00
Debian: Security Advisory (DSA-748-1)
2008-01-17 00:00:00
cve
cve
CVE-2005-1992
2005-06-20 04:00:00
ubuntucve
ubuntucve
CVE-2005-1992
2005-06-20 00:00:00
cvelist
cvelist
CVE-2005-1992
2005-06-20 04:00:00
nvd
nvd
CVE-2005-1992
2005-06-20 04:00:00
ubuntu
ubuntu
Ruby vulnerability
2005-06-29 00:00:00
nessus
nessus
RHEL 4 : ruby (RHSA-2005:543)
2005-08-07 00:00:00
FreeBSD : ruby -- arbitrary command execution on XMLRPC server (594eb447-e398-11d9-a8bd-000cf18bbe54)
2005-07-13 00:00:00
Fedora Core 4 : ruby-1.8.2-7.fc4.2 (2005-475)
2005-06-28 00:00:00
centos
centos
irb, ruby security update
2005-08-05 14:56:45
debian
debian
[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
2005-07-11 11:44:31
[SECURITY] [DSA 748-1] New ruby1.8 packages fix arbitrary command execution
2005-07-11 11:44:31
gentoo
gentoo
Ruby: Arbitrary command execution through XML-RPC
2005-07-11 00:00:00
freebsd
freebsd
ruby -- arbitrary command execution on XMLRPC server
2005-06-22 00:00:00