
CVE-2009-1904

Status: Candidate

Overview

The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type.

Related Files

Ubuntu Security Notice 900-1
Posted Feb 16, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.

tags | advisory, denial of service, arbitrary, ruby
systems | linux, ubuntu
advisories | CVE-2009-1904, CVE-2009-4124, CVE-2009-4492
MD5 | 3b31b80b0da78d5ad7722be923a5e0a2
Mandriva Linux Security Advisory 2009-325
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-325 - ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. Packages for 2008.0 are being provided due to extended support for Corporate products. This update provides a solution to these vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, ruby
systems | linux, mandriva
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | d1801ae070b0338585927f225181773a
Debian Linux Security Advisory 1860-1
Posted Aug 13, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1860-1 - Several vulnerabilities have been discovered in Ruby.

tags | advisory, vulnerability, ruby
systems | linux, debian
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | 1bfd519f85bdb6e2c0f36ac10784c98d
Mandriva Linux Security Advisory 2009-177
Posted Jul 29, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
MD5 | 21084a66bf6cb2513c8fbbe9321b8457
Mandriva Linux Security Advisory 2009-160
Posted Jul 28, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-160 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.

tags | advisory, denial of service, ruby
systems | linux, mandriva
advisories | CVE-2009-1904
MD5 | 38d1c2ba57fb804a56da668f5399e3c2
Ubuntu Security Notice 805-1
Posted Jul 21, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-805-1 - It was discovered that Ruby did not properly validate certificates. An attacker could exploit this and present invalid or revoked X.509 certificates. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service.

tags | advisory, denial of service, ruby
systems | linux, ubuntu
advisories | CVE-2009-0642, CVE-2009-1904
MD5 | 789059447e9e13417e0c4a5130ee83b7
Gentoo Linux Security Advisory 200906-2
Posted Jun 29, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200906-02 - A flaw in the Ruby standard library might allow remote attackers to cause a Denial of Service attack. Tadayoshi Funaba reported that BigDecimal in ext/bigdecimal/bigdecimal.c does not properly handle string arguments containing overly long numbers. Versions less than 1.8.6_p369 are affected.

tags | advisory, remote, denial of service, ruby
systems | linux, gentoo
advisories | CVE-2009-1904
MD5 | f680b416976cb5745d15eae1ba7e4408

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close