First published: Fri Jul 09 2010
Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow local users to gain privileges via a crafted ARGF.inplace_mode value that is not properly handled when constructing the filenames of the backup files.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ruby | =1.9.0-0 | |
Ruby | =1.9.0-1 | |
Ruby | =1.9.0-2 | |
Ruby | =1.9.0-20060415 | |
Ruby | =1.9.0-20070709 | |
Ruby | =1.9.1--p0 | |
Ruby | =1.9.1--p129 | |
Ruby | =1.9.1--p243 | |
Ruby | =1.9.1--p376 | |
Ruby | =1.9.1--p429 | |
Ruby | =1.9.1--preview_1 | |
Ruby | =1.9.1--preview_2 | |
Ruby | =1.9.1--rc1 | |
Ruby | =1.9.1--rc2 | |
Microsoft Windows Operating System | | |
The severity of CVE-2010-2489 is considered high due to the potential for local users to gain elevated privileges.
To fix CVE-2010-2489, update Ruby to version 1.9.1-p429 or later.
Affected versions of Ruby include all 1.9.x versions prior to 1.9.1-p429.
CVE-2010-2489 cannot be exploited remotely; it requires local access to a vulnerable system.
CVE-2010-2489 is a buffer overflow vulnerability that occurs due to improper handling of the ARGF.inplace_mode value.