CVE-2008-3657: Input Validation

First published: Wed Aug 13 2008(Updated: )

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Ruby-lang Ruby	<=1.8.5
Ruby-lang Ruby	=1.6.8
Ruby-lang Ruby	=1.8.0
Ruby-lang Ruby	=1.8.1
Ruby-lang Ruby	=1.8.1--9
Ruby-lang Ruby	=1.8.2
Ruby-lang Ruby	=1.8.2-preview2
Ruby-lang Ruby	=1.8.2-preview3
Ruby-lang Ruby	=1.8.2-preview4
Ruby-lang Ruby	=1.8.3
Ruby-lang Ruby	=1.8.3-preview1
Ruby-lang Ruby	=1.8.3-preview2
Ruby-lang Ruby	=1.8.3-preview3
Ruby-lang Ruby	=1.8.4
Ruby-lang Ruby	=1.8.4-preview1
Ruby-lang Ruby	=1.8.4-preview2
Ruby-lang Ruby	=1.8.4-preview3
Ruby-lang Ruby	=1.8.5-p11
Ruby-lang Ruby	=1.8.5-p113
Ruby-lang Ruby	=1.8.5-p115
Ruby-lang Ruby	=1.8.5-p12
Ruby-lang Ruby	=1.8.5-p2
Ruby-lang Ruby	=1.8.5-p35
Ruby-lang Ruby	=1.8.5-preview1
Ruby-lang Ruby	=1.8.5-preview2
Ruby-lang Ruby	=1.8.5-preview3
Ruby-lang Ruby	=1.8.5-preview4
Ruby-lang Ruby	=1.8.5-preview5
Ruby-lang Ruby	=1.8.6
Ruby-lang Ruby	=1.8.6-p110
Ruby-lang Ruby	=1.8.6-p114
Ruby-lang Ruby	=1.8.6-preview1
Ruby-lang Ruby	=1.8.6-preview2
Ruby-lang Ruby	=1.8.6-preview3
Ruby-lang Ruby	=1.8.7
Ruby-lang Ruby	=1.8.7-p17
Ruby-lang Ruby	=1.8.7-p22
Ruby-lang Ruby	=1.8.7-p71
Ruby-lang Ruby	=1.8.7-preview1
Ruby-lang Ruby	=1.8.7-preview2
Ruby-lang Ruby	=1.8.7-preview3
Ruby-lang Ruby	=1.8.7-preview4
Ruby-lang Ruby	=1.9.0

Remedy

http://www.securityfocus.com/bid/30644

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
collector/nvd-historical
agent/weakness
agent/references
agent/severity
agent/author
agent/description
agent/remedy
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/type
agent/event
agent/tags
collector/mitre-cve
source/MITRE
vendor/ruby-lang
canonical/ruby-lang ruby
version/ruby-lang ruby/1.8.5
version/ruby-lang ruby/1.6.8
version/ruby-lang ruby/1.8.0
version/ruby-lang ruby/1.8.1
version/ruby-lang ruby/1.8.1--9
version/ruby-lang ruby/1.8.2
version/ruby-lang ruby/1.8.2-preview2
version/ruby-lang ruby/1.8.2-preview3
version/ruby-lang ruby/1.8.2-preview4
version/ruby-lang ruby/1.8.3
version/ruby-lang ruby/1.8.3-preview1
version/ruby-lang ruby/1.8.3-preview2
version/ruby-lang ruby/1.8.3-preview3
version/ruby-lang ruby/1.8.4
version/ruby-lang ruby/1.8.4-preview1
version/ruby-lang ruby/1.8.4-preview2
version/ruby-lang ruby/1.8.4-preview3
version/ruby-lang ruby/1.8.5-p11
version/ruby-lang ruby/1.8.5-p113
version/ruby-lang ruby/1.8.5-p115
version/ruby-lang ruby/1.8.5-p12
version/ruby-lang ruby/1.8.5-p2
version/ruby-lang ruby/1.8.5-p35
version/ruby-lang ruby/1.8.5-preview1
version/ruby-lang ruby/1.8.5-preview2
version/ruby-lang ruby/1.8.5-preview3
version/ruby-lang ruby/1.8.5-preview4
version/ruby-lang ruby/1.8.5-preview5
version/ruby-lang ruby/1.8.6
version/ruby-lang ruby/1.8.6-p110
version/ruby-lang ruby/1.8.6-p114
version/ruby-lang ruby/1.8.6-preview1
version/ruby-lang ruby/1.8.6-preview2
version/ruby-lang ruby/1.8.6-preview3
version/ruby-lang ruby/1.8.7
version/ruby-lang ruby/1.8.7-p17
version/ruby-lang ruby/1.8.7-p22
version/ruby-lang ruby/1.8.7-p71
version/ruby-lang ruby/1.8.7-preview1
version/ruby-lang ruby/1.8.7-preview2
version/ruby-lang ruby/1.8.7-preview3
version/ruby-lang ruby/1.8.7-preview4
version/ruby-lang ruby/1.9.0

CVE-2008-3657: Input Validation

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact