REDHAT-BUG-678920
First published: Sun Feb 20 2011(Updated: )
A security flaw was found in the Ruby method, translating message of the exception into string representation. An attacker could use this flaw to modify arbitrary untainted strings into their tainted equivalents by tricking the safe level mechanism of this method. References: [1] <a href="http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/">http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/</a> Upstream patch (against ruby_1_8 branch): [2] <a href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=30903">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=30903</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruby | <1.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=30903
- http://www.openwall.com/lists/oss-security/2011/02/21/2
- https://access.redhat.com/security/cve/CVE-2011-1005
- http://www.openwall.com/lists/oss-security/2011/02/21/5
- https://rhn.redhat.com/errata/RHSA-2011-0908.html
- https://rhn.redhat.com/errata/RHSA-2011-0910.html
- https://rhn.redhat.com/errata/RHSA-2011-0909.html
- https://bugzilla.redhat.com/show_bug.cgi?id=678920
Frequently Asked Questions
What is the severity of REDHAT-BUG-678920?
The severity of REDHAT-BUG-678920 is considered high due to the potential for arbitrary string modification.
How do I fix REDHAT-BUG-678920?
To fix REDHAT-BUG-678920, upgrade to a Ruby version higher than 1.8 that addresses this vulnerability.
What causes the vulnerability REDHAT-BUG-678920?
REDHAT-BUG-678920 is caused by a flaw in the Ruby method that allows the safe level mechanism to be bypassed.
What is affected by REDHAT-BUG-678920?
REDHAT-BUG-678920 affects Ruby versions up to 1.8, allowing attackers to manipulate untainted strings.
Who is at risk from the vulnerability REDHAT-BUG-678920?
Developers and applications using vulnerable versions of Ruby are at risk from REDHAT-BUG-678920.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1005
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ruby
- canonical/ruby