Main Vulnerability Database SB2013042602

SB2013042602 - Permissions, Privileges, and Access Controls in Ruby

Published: April 26, 2013 Updated: August 3, 2020

Security Bulletin ID SB2013042602

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4464)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Remediation

Install update from vendor's website.

SB2013042602 - Permissions, Privileges, and Access Controls in Ruby

Breakdown by Severity

Description

Remediation

References

Please verify you're human