what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2009-1904

Status Candidate

Overview

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Related Files

Ubuntu Security Notice 900-1
Posted Feb 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2009-1904, CVE-2009-4124, CVE-2009-4492
MD5 | 3b31b80b0da78d5ad7722be923a5e0a2
Mandriva Linux Security Advisory 2009-325
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, ruby
systems | linux, mandriva
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | d1801ae070b0338585927f225181773a
Debian Linux Security Advisory 1860-1
Posted Aug 13, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | 1bfd519f85bdb6e2c0f36ac10784c98d
Mandriva Linux Security Advisory 2009-177
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
MD5 | 21084a66bf6cb2513c8fbbe9321b8457
Mandriva Linux Security Advisory 2009-160
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-160 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
MD5 | 38d1c2ba57fb804a56da668f5399e3c2
Ubuntu Security Notice 805-1
Posted Jul 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-805-1 - It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | 789059447e9e13417e0c4a5130ee83b7
Gentoo Linux Security Advisory 200906-2
Posted Jun 29, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected.

tags | advisory, remote, denial of service, ruby
systems | linux, gentoo
advisories | CVE-2009-1904
MD5 | f680b416976cb5745d15eae1ba7e4408
Page 1 of 1
Back1Next

File Archive:

February 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    22 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    2 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    50 Files
  • 6
    Feb 6th
    24 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    6 Files
  • 9
    Feb 9th
    1 Files
  • 10
    Feb 10th
    1 Files
  • 11
    Feb 11th
    22 Files
  • 12
    Feb 12th
    25 Files
  • 13
    Feb 13th
    16 Files
  • 14
    Feb 14th
    32 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    10 Files
  • 17
    Feb 17th
    2 Files
  • 18
    Feb 18th
    27 Files
  • 19
    Feb 19th
    32 Files
  • 20
    Feb 20th
    15 Files
  • 21
    Feb 21st
    17 Files
  • 22
    Feb 22nd
    12 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close