exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2009-1904

Status Candidate

Overview

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Related Files

Ubuntu Security Notice 900-1
Posted Feb 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2009-1904, CVE-2009-4124, CVE-2009-4492
SHA-256 | 70b75a6c7bfeabf4136e18e897f88132e74cb4a9c3e67e5d0923c49a358f6156
Mandriva Linux Security Advisory 2009-325
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, ruby
systems | linux, mandriva
advisories | CVE-2009-0642, CVE-2009-1904
SHA-256 | e2077ce129461d0a497c42e86d0c3e3ab2181e15b32eb65c1f3946d4694469cc
Debian Linux Security Advisory 1860-1
Posted Aug 13, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2009-0642, CVE-2009-1904
SHA-256 | 11affe671bc325d35bbacdaba1cc0dff84af2b4d7f43397ff4731fd74ebce484
Mandriva Linux Security Advisory 2009-177
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
SHA-256 | 0fd98c4ebc36f2cd2987b88dc0bb1f02ad698ffd6f931d8903d8e2f37cd345ee
Mandriva Linux Security Advisory 2009-160
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-160 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
SHA-256 | 1a4fc3227a9c7ac57cc3cb0a7ef3171a6b6750fcdf5356e6937f862a5750b2ff
Ubuntu Security Notice 805-1
Posted Jul 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-805-1 - It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2009-0642, CVE-2009-1904
SHA-256 | 4f72a70fd200ee1273e4776e82b8528015c978b29ef39631d27d00a2af0926b2
Gentoo Linux Security Advisory 200906-2
Posted Jun 29, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected.

tags | advisory, remote, denial of service, ruby
systems | linux, gentoo
advisories | CVE-2009-1904
SHA-256 | 271e2cbee460e7669a9c6939724fce93d9eab44717c251741da107d279cd04eb
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close