CVE-2008-3655
Ruby 1.9 - Safe Level Multiple Function Restriction Bypass
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 hasta r18423, no restringe apropiadamente el acceso a variables y métodos críticos en varios niveles seguros, lo que permite a los atacantes dependiendo del contexto omitir las restricciones de acceso previstas por medio de (1) untrace_var, (2) $PROGRAM_NAME, y (3) syslog en nivel seguro 4 y (4) métodos no confiables en los niveles seguros 1 a 3.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-08-11 First Exploit
- 2008-08-12 CVE Reserved
- 2008-08-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (36)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401 | X_refsource_confirm | |
| http://support.apple.com/kb/HT3549 | X_refsource_confirm |
|
| http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm | X_refsource_confirm | |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/495884/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1020656 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44369 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/32224 | 2008-08-11 | |
| https://www.exploit-db.com/exploits/32223 | 2008-08-11 | |
| http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby | 2024-08-07 | |
| http://www.securityfocus.com/bid/30644 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2008/dsa-1651 | 2018-10-11 | |
| http://www.vupen.com/english/advisories/2009/1297 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | <= 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version " <= 1.8.5" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.6.8 Search vendor "Ruby-lang" for product "Ruby" and version "1.6.8" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.0 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.0" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.1 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.1" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.1 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.1" | -9 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.2 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.2" | preview4 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.3 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.3" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.4 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.4 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.4 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.4 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.4" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p11 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p113 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p115 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p12 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | p35 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | preview4 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.5 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.5" | preview5 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p110 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p111 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p114 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p230 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p286 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | p36 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.6 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.6" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | - |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p17 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p22 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | p71 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview1 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview2 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview3 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.8.7 Search vendor "Ruby-lang" for product "Ruby" and version "1.8.7" | preview4 |
Affected
| ||||||
| Ruby-lang Search vendor "Ruby-lang" | Ruby Search vendor "Ruby-lang" for product "Ruby" | 1.9.0 Search vendor "Ruby-lang" for product "Ruby" and version "1.9.0" | - |
Affected
| ||||||