[FREEBSD:594EB447-E398-11D9-A8BD-000CF18BBE54] ruby -- arbitrary command execution on XMLRPC server

Severity High
Affected Packages 1
CVEs 1

Nobuhiro IMAI reports:

  The default value modification on Module#public_instance_methods
  (from false to true) breaks
  s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style
  security protection.

  This problem could allow a remote attacker to execute arbitrary
  commands on XMLRPC server of libruby.

Package: pkg:freebsd/ruby
Affected Version: > 1.8.*, < 1.8.2_3

ID: FREEBSD:594EB447-E398-11D9-A8BD-000CF18BBE54
Severity: high
Severity from: CVE-2005-1992
URL: http://vuxml.freebsd.org/freebsd/594eb447-e398-11d9-a8bd-000cf18bbe54.html
Published: 2005-06-22T00:00:00 (19 years ago)
Modified: 2005-06-23T00:00:00 (19 years ago)
Rights: FreeBSD VuXML Security Team

Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/ruby ruby > 1.8.* < 1.8.2_3