CVE-2011-1005

Published: Mar 2, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2011:0910

vendor-advisory

x_refsource_REDHAT

[oss-security] 20110221 Re: CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

mailing-list

x_refsource_MLIST

MDVSA-2011:098

vendor-advisory

x_refsource_MANDRIVA

ADV-2011-0539

vdb-entry

x_refsource_VUPEN

RHSA-2011:0909

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=678920

x_refsource_CONFIRM

43573

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20110221 CVE request: ruby: FileUtils is vulnerable to symlink race attacks + Exception methods can bypass $SAFE

mailing-list

x_refsource_MLIST

RHSA-2011:0908

vendor-advisory

x_refsource_REDHAT

70957

vdb-entry

x_refsource_OSVDB

FEDORA-2011-1876

vendor-advisory

x_refsource_FEDORA

FEDORA-2011-1913

vendor-advisory

x_refsource_FEDORA

46458

vdb-entry

x_refsource_BID

http://support.apple.com/kb/HT5281

x_refsource_CONFIRM

MDVSA-2011:097

vendor-advisory

x_refsource_MANDRIVA

APPLE-SA-2012-05-09-1

vendor-advisory

x_refsource_APPLE

43420

third-party-advisory

x_refsource_SECUNIA

http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2011-1005

Description

Affected Products

References