Lucene search
RubySecRUBY:RUBY-2008-3655HistoryAug 07, 2008 - 8:00 p.m.
Ruby multiple insufficient safe mode restrictions
2008-08-0720:00:00
RubySec
rubysec.com
12
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71,
and 1.9 through r18423 does not properly restrict access to critical
variables and methods at various safe levels, which allows context-dependent
attackers to bypass intended access restrictions via (1) untrace_var, (2)
$PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at
safe levels 1 through 3.
Affected configurations
Node
rubyrubyRange1.8.6.286–1.8.7.0
ORrubyrubyRange1.8.7.71–1.8.8.0
ORrubyrubyRange<1.9.0
Related
cvelist
cvelist
CVE-2008-3655
2008-08-13 01:00:00
nvd
nvd
CVE-2008-3655
2008-08-13 01:41:00
prion
prion
Design/Logic Flaw
2008-08-13 01:41:00
exploitdb
exploitdb
Ruby 1.9 - Safe Level Multiple Function Restriction Bypass
2008-08-11 00:00:00
Ruby 1.9 dl - Module DL.dlopen Arbitrary Library Access
2008-08-11 00:00:00
veracode
veracode
Access Control Bypass
2020-04-10 00:26:04
ubuntucve
ubuntucve
CVE-2008-3655
2008-08-12 00:00:00
cve
cve
CVE-2008-3655
2008-08-13 01:41:00
nessus
nessus
RHEL 2.1 : ruby (RHSA-2008:0895)
2008-10-22 00:00:00
Oracle Linux 3 : ruby (ELSA-2008-0896)
2013-07-12 00:00:00
openvas
openvas
RedHat Update for ruby RHSA-2008:0895-02
2009-03-06 00:00:00
RedHat Update for ruby RHSA-2008:0895-02
2009-03-06 00:00:00
CentOS Update for ruby CESA-2008:0895-02 centos2 i386
2009-02-27 00:00:00
redhat
redhat
(RHSA-2008:0895) Moderate: ruby security update
2008-10-21 00:00:00
(RHSA-2008:0896) Moderate: ruby security update
2008-10-21 00:00:00
(RHSA-2008:0897) Moderate: ruby security update
2008-10-21 00:00:00
centos
centos
irb, ruby security update
2008-10-22 04:31:37
irb, ruby security update
2008-10-21 16:06:28
irb, ruby security update
2008-10-24 00:04:31
freebsd
freebsd
ruby -- DoS vulnerability in WEBrick
2008-08-08 00:00:00
ruby -- multiple vulnerabilities in safe level
2008-08-08 00:00:00
oraclelinux
oraclelinux
ruby security update
2008-10-21 00:00:00
ruby security update
2008-10-21 00:00:00
debian
debian
[SECURITY] [DSA 1652-1] New ruby1.9 packages fix several vulnerabilities
2008-10-12 09:37:58
[SECURITY] [DSA 1651-1] New ruby1.8 packages fix several vulnerabilities
2008-10-12 09:36:52
osv
osv
ruby1.9 - several vulnerabilities
2008-10-12 00:00:00
ruby1.8 - several vulnerabilities
2008-10-12 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2008-10-10 00:00:00
suse
suse
remote code execution in dhcp-client
2009-07-15 16:27:03
gentoo
gentoo
Ruby: Multiple vulnerabilities
2008-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: ruby-1.8.6.287-2.fc9
2008-10-09 21:29:45
[SECURITY] Fedora 8 Update: ruby-1.8.6.287-2.fc8
2008-10-09 21:35:31
securityvulns
securityvulns
About the security content of Security Update 2009-002 / Mac OS X v10.5.7
2009-05-14 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related for RUBY:RUBY-2008-3655