CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-5371 – ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
https://notcve.org/view.php?id=CVE-2012-5371
Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against a variant of the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4815. Ruby (también conocido como CRuby) v1.9 anteriores a v1.9.3-p327 y v2.0 anteriores a r37575 calcula los valores de hash sin restringir la posibilidad de provocar colisiones hash previsibles, lo que permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU) a través de la manipulación de una entrada para la aplicación que mantiene la tabla de valores hash, como lo demuestra un ataque universal multicolision contra una variante del algoritmo MurmurHash2, una vulnerabilidad diferente a CVE-2011-4815. • http://2012.appsec-forum.ch/conferences/#c17 http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf http://secunia.com/advisories/51253 http://securitytracker.com/id?1027747 http://www.ocert.org/advisories/ocert-2012-001.html http://www.osvdb.org/87280 http://www.ruby-lang.org/en/news/2012/11/09/ruby19-hashdos-cve-2012-5371 http://www.securityfocus.com/bid/56484 http://www.ubuntu.com/usn/USN-1733-1 http • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 34EXPL: 0CVE-2012-4466 – ruby: safe level bypass via name_err_mesg_to_str()
https://notcve.org/view.php?id=CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. Ruby v1.8.7 antes de patchlevel 371, v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto evitar las restricciones de seguridad de nivel y modificar cadenas untainted a través de la función de la API name_err_mesg_to_str, que marca la cadena como contaminada, una diferente vulnerabilidad a CVE-2011-1005. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://www.openwall.com/lists/oss-security/2012/10/02/4 http://www.openwall.com/lists/oss-security/2012/10/03/9 http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve- • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2011-2705 – ruby: Properly initialize the random number generator when forking new process
https://notcve.org/view.php?id=CVE-2011-2705
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. La función SecureRandom.random_bytes de lib/securerandom.rb de Ruby en versiones anteriores a 1.8.7-p352 y 1.9.x anteriores a 1.9.2-p290 se basa en valores PID para la inicialización, lo que facilita a atacantes dependientes del contexto predecir la cadena resultado utilizando el conocimiento de cadenas aleatorias obtenidas en procesos anteriores con el mismo PID. • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html http://redmine.ruby-lang.org/issues/4579 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050 http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog http://www.openwall.com/lists/oss-security/2011/07/11/1 http://www.ope • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 2%CPEs: 38EXPL: 0CVE-2011-0188 – ruby: memory corruption in BigDecimal on 64bit platforms
https://notcve.org/view.php?id=CVE-2011-0188
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." La función VpMemAlloc en bigdecimal.c en la clase BigDecimal en Ruby v1.9.2-P136 y anteriores, tal como se utiliza en Apple Mac OS X antes de vv10.6.7 y en otras plataformas, no asigna memoria adecuadamente, lo que permite a atacantes dependientes de contexto ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores que impliquen la creación de un valor BigDecimal grande dentro de un proceso de 64 bits, relacionado con un "fallo de truncado de entero". • http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://support.apple.com/kb/HT4581 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.redhat.com/support/ • CWE-189: Numeric Errors •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2011-1004 – Ruby: Symlink race condition by removing directory trees in fileutils module
https://notcve.org/view.php?id=CVE-2011-1004
The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack. El método FileUtils.remove_entry_secure de Ruby 1.8.6 hasta la versión 1.8.6-420, 1.8.7 hasta la 1.8.7-330, 1.8.8dev, 1.9.1 hasta la 1.9.1-430, 1.9.2 hasta la 1.9.2-136 y 1.9.3dev permite a usuarios locales borrar archivos de su elección a través de un enlace de ataque simbólico ("symlink attack"). • http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html http://osvdb.org/70958 http://secunia.com/advisories/43434 http://secunia.com/advisories/43573 http://support.apple.com/kb/HT5281 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.openwall.com/lists/oss-security/2011/02/21/2 h • CWE-59: Improper Link Resolution Before File Access ('Link Following') •