CVE-2009-5147 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names. DL::dlopen en Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 en versiones anteriores a patchlevel 648, y 2.1 en versiones anteriores a 2.1.8 abre librerías con nombres contaminados. • https://github.com/vpereira/CVE-2009-5147 https://github.com/zhangyongbo100/-Ruby-dl-handle.c-CVE-2009-5147- http://seclists.org/oss-sec/2015/q3/222 http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://bugzilla.redhat.com/show_bug.cgi?id=1248935 https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551 https: • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •
CVE-2016-2336
https://notcve.org/view.php?id=CVE-2016-2336
Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. Existe un tipo de confusión en dos métodos de la clase WIN32OLE de Ruby, ole_invoke y ole_query_interface. El atacante que pasa un diferente tipo de objeto del que es asumido por los desarrolladores puede provocar la ejecución de código arbitrario. • http://www.talosintelligence.com/reports/TALOS-2016-0029 •
CVE-2016-2337
https://notcve.org/view.php?id=CVE-2016-2337
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. Existe un tipo de confusión en el método de clase _cancel_eval Ruby's TclTkIp. El atacante que pasa un tipo diferente de objeto que una String como argumento "retval" puede provocar la ejecución de código arbitrario. • http://www.securityfocus.com/bid/91233 http://www.talosintelligence.com/reports/TALOS-2016-0031 https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html https://security.gentoo.org/glsa/201710-18 •
CVE-2016-2339
https://notcve.org/view.php?id=CVE-2016-2339
An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow. Existe una vulnerabilidad explotable de desbordamiento de memoria dinámica en la funcionalidad Fiddle::Function.new "initialize" de Ruby. En Fiddle::Function.new "initialize" la ubicación "arg_types" de la memoria dinámica del búfer se hace en base a la longitud de los args array. • http://www.securityfocus.com/bid/91234 http://www.talosintelligence.com/reports/TALOS-2016-0034 https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-7551 – ruby: DL:: dlopen could open a library with tainted library name
https://notcve.org/view.php?id=CVE-2015-7551
The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles tainting, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string, related to the DL module and the libffi library. NOTE: this vulnerability exists because of a CVE-2009-5147 regression. La implementación Fiddle::Handle en ext/fiddle/handle.c en Ruby en versiones anteriores a 2.0.0-p648, 2.1 en versiones anteriores a 2.1.8 y 2.2 en versiones anteriores a 2.2.4, según se distribuye en Apple OS X en versiones anteriores a 10.11.4 y otros productos, no maneja correctamente el tainting, lo que permite a atacantes dependientes del contexto ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una cadena manipulada, relacionado con el módulo DL y la librería libffi. NOTA: esta vulnerabilidad existe por una regresión de CVE-2009-5147. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796344 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796551 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/76060 https://access.redhat.com/errata/RHSA-2018:0583 https://github.com/ruby/ruby/commit/339e11a7f178312d937b7c95dd3115ce7236597a https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7551.h • CWE-20: Improper Input Validation CWE-267: Privilege Defined With Unsafe Actions •