CVE-2008-2726 – ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
https://notcve.org/view.php?id=CVE-2008-2726
Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Un desbordamiento de enteros en la función (1) rb_ary_splice en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2; y (2) la función rb_ary_replace en versión 1.6.x, permite a los atacantes dependiendo del contexto desencadenar una corrupción en la memoria, también se conoce como el problema "beg + rlen". NOTA: a partir de 20080624, ha habido un uso incoherente de varios identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2008-2663 – ruby: Integer overflows in rb_ary_store()
https://notcve.org/view.php?id=CVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change. Múltiples desbordamientos de entero en la función rb_ary_store de Ruby 1.8.4 y anteriores, 1.8.5 anterior a 1.8.5-p231, 1.8.6 anterior a 1.8.6-p230 y 1.8.7 anterior a 1.8.7-p22 permite a atacantes dependientes del contexto ejecutar código de su elección mediante vectores desconocidos, un problema distinto a CVE-2008-2662, CVE-2008-2664 y CVE-2008-2725. NOTA: a fecha de 24-06-2008, ha habido un uso inconsistente de múltiples identificadores CVE relacionados con Ruby. • http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/30802 http://secunia.com/advisories/30831 http://secunia.com/advisories/30867 http://secunia.com/advisories/30875 http://secunia.com/advisories/30894 http://secunia.com/advisories/31062 http://secunia • CWE-190: Integer Overflow or Wraparound •
CVE-2008-1891
https://notcve.org/view.php?id=CVE-2008-1891
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary CGI files via a trailing (1) + (plus), (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or (5) %20 (encoded space) character in the URI, possibly related to the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new functionality and the :DocumentRoot option. Una vulnerabilidad de salto de directorio en WEBrick en Ruby versión 1.8.4 y anteriores, versión 1.8.5 anterior a 1.8.5-p231, versión 1.8.6 anterior a 1.8.6-p230, versión 1.8.7 anterior a 1.8.7-p22, y versión 1.9.0 anterior a 1.9.0-2, cuando se utilizan sistemas de archivos NTFS o FAT, permite a los atacantes remotos leer archivos CGI arbitrarios por medio de un trailing (1) + (más), (2) %2b (más codificado), (3) . (punto), (4) %2e (punto codificado) o (5) %20 (espacio codificado) en el URI, posiblemente relacionado con la función WEBrick::HTTPServlet::FileHandler y WEBrick::HTTPServer.new y la opción :DocumentRoot. • http://aluigi.altervista.org/adv/webrickcgi-adv.txt http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29794 http://secunia.com/advisories/30831 http://secunia.com/advisories/31687 http://www.mandriva.com/security/advisories?name=MDVSA-2008:140 http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities http://www.vupen.com/english/advisories/20 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2008-1145 – Ruby 1.8.6/1.9 (WEBick HTTPd 1.3.1) - Directory Traversal
https://notcve.org/view.php?id=CVE-2008-1145
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. Una vulnerabilidad de salto de directorio en WEBrick en Ruby versiones 1.8 anteriores a 1.8.5-p115 y 1.8.6-p114, y versiones 1.9 hasta 1.9.0-1, cuando se ejecuta en sistemas que admiten separadores de ruta de barra invertida (\) o nombres de archivo sin distinción entre mayúsculas y minúsculas, permite a atacantes remotos acceder a archivos arbitrarios por medio de secuencias o (1) "..%5c" (barra invertida codificada) o (2) nombres de archivo que coinciden con los patrones de la opción :NondisclosureName. • https://www.exploit-db.com/exploits/5215 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html http://secunia.com/advisories/29232 http://secunia.com/advisories/29357 http://secunia.com/advisories/29536 http://secunia.com/advisories/30802 http://secunia.com/advisories/31687 http://secunia.com/advisories/32371 http://support.apple.com/kb/HT2163 http://wiki.rpath.com/Advisories:rPSA • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2006-6303 – ruby's cgi.rb vulnerable infinite loop DoS
https://notcve.org/view.php?id=CVE-2006-6303
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467. La función read_multipart en cgi.rb de Ruby anterior a 1.8.5-p2 no detecta adecuadamente los límites en contenido MIME multipart, lo cual permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante una petición HTTP artesanal, un asunto diferente que CVE-2006-5467. • http://bugs.gentoo.org/show_bug.cgi?id=157048 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287 http://docs.info.apple.com/article.html?artnum=305530 http://jvn.jp/jp/JVN%2384798830/index.html http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/23165 http://secunia.com/advisories/23268 http://secunia.com/advisories/23454 http://secunia.com/advisories/25402 http://secunia.com/advisories/27576 http://secunia.co • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •