CVE-2009-4492 – Ruby 1.9.1 - WEBrick 'Terminal Escape Sequence in Logs' Command Injection
https://notcve.org/view.php?id=CVE-2009-4492
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. WEBrick v1.3.1 en Ruby v1.8.6 del patchlevel 383, v1.8.7 al patchlevel 248, v1.8.8dev, 1.9.1 al patchlevel 376, y v1.9.2dev ,escribe datos en un archivo de los sin depurar los caracteres no escribibles, lo que podría permitir a atacantes remotos modificar la ventana de título, o posiblemente ejecutar comandos de su elección o sobrescribir archivos, a través de una petición HTTP que contiene una secuencia de escape para el emulador de terminal. Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa are subject to log escape sequence injection vulnerabilities. • https://www.exploit-db.com/exploits/33489 http://secunia.com/advisories/37949 http://securitytracker.com/id?1023429 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection http://www.securityfocus.com/archive/1/508830/100/0/threaded http://www.securityfocus.com/bid/37710 http://www.ush.it/team/ush/hack_httpd_escape/adv.txt http: •
CVE-2008-2662 – ruby: Integer overflows in rb_str_buf_append()
https://notcve.org/view.php?id=CVE-2008-2662
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change. Múltiples desbordamientos de entero en la función rb_str_buf_append de Ruby 1.8.4 y anteriores, 1.8.5 antes de 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 antes de 1.9.0-2 permite a atacantes dependientes del contexto ejecutar código de su elección o provocar una denegación de servicio mediante vectores desconocidos que disparan una corrupción de memoria, un problema distinto a CVE-2008-2663, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2008-2664 – ruby: Unsafe use of alloca in rb_str_format()
https://notcve.org/view.php?id=CVE-2008-2664
The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption via unspecified vectors related to alloca, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. La función rb_str_format en Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230, 1.8.7 anterior a 1.8.7-p22 y 1.9.0 anterior a 1.9.0-2 permite a atacantes dependientes del contexto disparar una corrupción de memoria mediante vectores no especificados relacionados con alloca, un problema distinto a CVE-2008-2662, CVE-2008-2663 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-399: Resource Management Errors •
CVE-2008-2726 – ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
https://notcve.org/view.php?id=CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2; y (2) la función rb_ary_replace en versión 1.6.x, permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria, también se conoce como el problema "beg + rlen". NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2008-1145 – Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Una vulnerabilidad de salto de directorio en WEBrick en Ruby versiones 1.8 anteriores a 1.8.5-p115 y 1.8.6-p114, y versiones 1.9 hasta 1.9.0-1, cuando se ejecuta en sistemas que admiten separadores de ruta de barra invertida (\) o nombres de archivo sin distinción entre mayúsculas y minúsculas, permite a atacantes remotos acceder a archivos arbitrarios por medio de secuencias o (1) "..%5c" (barra invertida codificada) o (2) nombres de archivo que coinciden con los patrones de la opción :NondisclosureName. • https://www.exploit-db.com/exploits/5215 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29232 http://secunia.com/advisories/29357 http://secunia.com/advisories/29536 http://secunia.com/advisories/30802 http://secunia.com/advisories/31687 http://secunia.com/advisories/32371 http://support.apple.com/kb/HT2163 http://wiki.rpath.com/Advisories:rPSA • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •