[FREEBSD:594EB447-E398-11D9-A8BD-000CF18BBE54] ruby -- arbitrary command execution on XMLRPC server
Severity: High
Affected Packages: 1
CVEs: 1
Nobuhiro IMAI reports:

the default value modification on Module#public_instance_methods (from false to true) breaks s.add_handler(XMLRPC::iPIMethods("sample"), MyHandler.new) style security protection.

This problem could allow a remote attacker to execute arbitrary commands on XMLRPC server of libruby.

Package | Affected Version |
---|---|
pkg:freebsd/ruby | > 1.8.*, < 1.8.2_3 |

- ID: FREEBSD:594EB447-E398-11D9-A8BD-000CF18BBE54
- Severity: high
- Severity from: CVE-2005-1992
- URL: http://vuxml.freebsd.org/freebsd/594eb447-e398-11d9-a8bd-000cf18bbe54.html
- Published: 2005-06-22T00:00:00
- Modified: 2005-06-23T00:00:00
- Rights: FreeBSD VuXML Security Team

Other Advisories

Source | ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | | | http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237 |
FreeBSD VuXML | | | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064 |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/ruby | | ruby | > 1.8.* < 1.8.2_3 | | | |