Sign-up

ID

VAR-201103-0287


CVE

CVE-2011-0188


TITLE

Ruby of BigDecimal In class VpMemAlloc Vulnerability in arbitrary code execution in function

Trust: 0.8

sources: JVNDB: JVNDB-2011-001413

DESCRIPTION

The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue.". Ruby is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input. A successful exploit can allow an attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Ruby 1.9.2 is vulnerable; other versions may also be affected. NOTE: This issue was previously described in BID 46950 (Apple Mac OS X Prior to 10.6.7 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Mac OS X is a dedicated operating system developed by Apple for Mac computers. The safe-level feature in Ruby allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname (CVE-2011-1005). (CVE-2011-0188). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0541 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1004 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: c066384f71562d23b04e4f37e06cd167 2009.0/i586/ruby-1.8.7-7p72.4mdv2009.0.i586.rpm 663d190c3a9040a5e1f63d3c3ff48ba1 2009.0/i586/ruby-devel-1.8.7-7p72.4mdv2009.0.i586.rpm beb5b53b8d66028329b8e1884aa18c90 2009.0/i586/ruby-doc-1.8.7-7p72.4mdv2009.0.i586.rpm 38bea5030db5e2d25f6348ef15150486 2009.0/i586/ruby-tk-1.8.7-7p72.4mdv2009.0.i586.rpm fbe12ae1b2026227568007c26c3bc0c4 2009.0/SRPMS/ruby-1.8.7-7p72.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 68a7d27517f1848f660418aa584eb3da 2009.0/x86_64/ruby-1.8.7-7p72.4mdv2009.0.x86_64.rpm 19749daa6bf45dc43daa4561f107134c 2009.0/x86_64/ruby-devel-1.8.7-7p72.4mdv2009.0.x86_64.rpm 68fb72ae12ba5ceadcc22434e13b4db1 2009.0/x86_64/ruby-doc-1.8.7-7p72.4mdv2009.0.x86_64.rpm 9f0f091ffb3f1fc1418f765b974d93da 2009.0/x86_64/ruby-tk-1.8.7-7p72.4mdv2009.0.x86_64.rpm fbe12ae1b2026227568007c26c3bc0c4 2009.0/SRPMS/ruby-1.8.7-7p72.4mdv2009.0.src.rpm Mandriva Linux 2010.1: ddeaf58e58815fe6cc74655d622543af 2010.1/i586/ruby-1.8.7.p249-4.1mdv2010.2.i586.rpm 6f18aaa77d93fcddbb98e12e5e829b2b 2010.1/i586/ruby-devel-1.8.7.p249-4.1mdv2010.2.i586.rpm 5f23410b06cb0c11483ad0944511521c 2010.1/i586/ruby-doc-1.8.7.p249-4.1mdv2010.2.i586.rpm 8cfeb511b56f105eb9c4f76be8255e65 2010.1/i586/ruby-tk-1.8.7.p249-4.1mdv2010.2.i586.rpm 26ba24fef0f0c25c1906479c4711e095 2010.1/SRPMS/ruby-1.8.7.p249-4.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 9ce41813fa1b4c75c2427fd605127e0b 2010.1/x86_64/ruby-1.8.7.p249-4.1mdv2010.2.x86_64.rpm c20daba0703471c7a6131410ecad9ad6 2010.1/x86_64/ruby-devel-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 1d87d641bb55721b342a8c1d94483146 2010.1/x86_64/ruby-doc-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 307294ebb3e8fd4b4c56553c69f5c4d2 2010.1/x86_64/ruby-tk-1.8.7.p249-4.1mdv2010.2.x86_64.rpm 26ba24fef0f0c25c1906479c4711e095 2010.1/SRPMS/ruby-1.8.7.p249-4.1mdv2010.2.src.rpm Mandriva Enterprise Server 5: d07c49b37323079332997e866458ae9d mes5/i586/ruby-1.8.7-7p72.4mdvmes5.2.i586.rpm 5f7223ff9adf5efabaea360e5b18aadf mes5/i586/ruby-devel-1.8.7-7p72.4mdvmes5.2.i586.rpm 43901d6c806fa7233a6f5523e8f50390 mes5/i586/ruby-doc-1.8.7-7p72.4mdvmes5.2.i586.rpm 350d1f6430aecfc3f2273faa2ccbb780 mes5/i586/ruby-tk-1.8.7-7p72.4mdvmes5.2.i586.rpm 45603b65b4f80c8e1858bbc84daf4494 mes5/SRPMS/ruby-1.8.7-7p72.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: c6c7bd10892509e91ce007670cfaa22f mes5/x86_64/ruby-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 3bb3451b8ed9ab86b10ef43a090d362e mes5/x86_64/ruby-devel-1.8.7-7p72.4mdvmes5.2.x86_64.rpm dff5787e4172ea0941033b596293c08f mes5/x86_64/ruby-doc-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 2c8951924ef6f80d1ca887f82f8deb47 mes5/x86_64/ruby-tk-1.8.7-7p72.4mdvmes5.2.x86_64.rpm 45603b65b4f80c8e1858bbc84daf4494 mes5/SRPMS/ruby-1.8.7-7p72.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFN2jqhmqjQ0CJFipgRAlnKAKDcf6I3beHFSSrX86ob/PzT+NwtxgCeNgsq uMw3t7u8fkmaD51bIO3CaIw= =yXr+ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: ruby security update Advisory ID: RHSA-2011:0909-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0909.html Issue date: 2011-06-28 CVE Names: CVE-2009-4492 CVE-2010-0541 CVE-2011-0188 CVE-2011-1004 CVE-2011-1005 ===================================================================== 1. Summary: Updated ruby packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. This issue did not affect 32-bit systems. (CVE-2011-0188) A race condition flaw was found in the remove system entries method in the FileUtils module. If a local user ran a Ruby script that uses this method, a local attacker could use this flaw to delete arbitrary files and directories accessible to that user via a symbolic link attack. (CVE-2011-1004) It was found that WEBrick (the Ruby HTTP server toolkit) did not filter terminal escape sequences from its log files. A remote attacker could use specially-crafted HTTP requests to inject terminal escape sequences into the WEBrick log files. If a victim viewed the log files with a terminal emulator, it could result in control characters being executed with the privileges of that user. (CVE-2009-4492) A cross-site scripting (XSS) flaw was found in the way WEBrick displayed error pages. A remote attacker could use this flaw to perform a cross-site scripting attack against victims by tricking them into visiting a specially-crafted URL. (CVE-2010-0541) A flaw was found in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2011-1005) Red Hat would like to thank Drew Yao of Apple Product Security for reporting the CVE-2011-0188 and CVE-2010-0541 issues. All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 554485 - CVE-2009-4492 ruby WEBrick log escape sequence 587731 - CVE-2010-0541 Ruby WEBrick javascript injection flaw 678913 - CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module 678920 - CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings 682332 - CVE-2011-0188 ruby: memory corruption in BigDecimal on 64bit platforms 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-docs-1.8.5-19.el5_6.1.i386.rpm ruby-irb-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-rdoc-1.8.5-19.el5_6.1.i386.rpm ruby-ri-1.8.5-19.el5_6.1.i386.rpm ruby-tcltk-1.8.5-19.el5_6.1.i386.rpm x86_64: ruby-1.8.5-19.el5_6.1.x86_64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-docs-1.8.5-19.el5_6.1.x86_64.rpm ruby-irb-1.8.5-19.el5_6.1.x86_64.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.x86_64.rpm ruby-rdoc-1.8.5-19.el5_6.1.x86_64.rpm ruby-ri-1.8.5-19.el5_6.1.x86_64.rpm ruby-tcltk-1.8.5-19.el5_6.1.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-mode-1.8.5-19.el5_6.1.i386.rpm x86_64: ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.x86_64.rpm ruby-mode-1.8.5-19.el5_6.1.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/ruby-1.8.5-19.el5_6.1.src.rpm i386: ruby-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-docs-1.8.5-19.el5_6.1.i386.rpm ruby-irb-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-mode-1.8.5-19.el5_6.1.i386.rpm ruby-rdoc-1.8.5-19.el5_6.1.i386.rpm ruby-ri-1.8.5-19.el5_6.1.i386.rpm ruby-tcltk-1.8.5-19.el5_6.1.i386.rpm ia64: ruby-1.8.5-19.el5_6.1.ia64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ia64.rpm ruby-devel-1.8.5-19.el5_6.1.ia64.rpm ruby-docs-1.8.5-19.el5_6.1.ia64.rpm ruby-irb-1.8.5-19.el5_6.1.ia64.rpm ruby-libs-1.8.5-19.el5_6.1.ia64.rpm ruby-mode-1.8.5-19.el5_6.1.ia64.rpm ruby-rdoc-1.8.5-19.el5_6.1.ia64.rpm ruby-ri-1.8.5-19.el5_6.1.ia64.rpm ruby-tcltk-1.8.5-19.el5_6.1.ia64.rpm ppc: ruby-1.8.5-19.el5_6.1.ppc.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ppc.rpm ruby-debuginfo-1.8.5-19.el5_6.1.ppc64.rpm ruby-devel-1.8.5-19.el5_6.1.ppc.rpm ruby-devel-1.8.5-19.el5_6.1.ppc64.rpm ruby-docs-1.8.5-19.el5_6.1.ppc.rpm ruby-irb-1.8.5-19.el5_6.1.ppc.rpm ruby-libs-1.8.5-19.el5_6.1.ppc.rpm ruby-libs-1.8.5-19.el5_6.1.ppc64.rpm ruby-mode-1.8.5-19.el5_6.1.ppc.rpm ruby-rdoc-1.8.5-19.el5_6.1.ppc.rpm ruby-ri-1.8.5-19.el5_6.1.ppc.rpm ruby-tcltk-1.8.5-19.el5_6.1.ppc.rpm s390x: ruby-1.8.5-19.el5_6.1.s390x.rpm ruby-debuginfo-1.8.5-19.el5_6.1.s390.rpm ruby-debuginfo-1.8.5-19.el5_6.1.s390x.rpm ruby-devel-1.8.5-19.el5_6.1.s390.rpm ruby-devel-1.8.5-19.el5_6.1.s390x.rpm ruby-docs-1.8.5-19.el5_6.1.s390x.rpm ruby-irb-1.8.5-19.el5_6.1.s390x.rpm ruby-libs-1.8.5-19.el5_6.1.s390.rpm ruby-libs-1.8.5-19.el5_6.1.s390x.rpm ruby-mode-1.8.5-19.el5_6.1.s390x.rpm ruby-rdoc-1.8.5-19.el5_6.1.s390x.rpm ruby-ri-1.8.5-19.el5_6.1.s390x.rpm ruby-tcltk-1.8.5-19.el5_6.1.s390x.rpm x86_64: ruby-1.8.5-19.el5_6.1.x86_64.rpm ruby-debuginfo-1.8.5-19.el5_6.1.i386.rpm ruby-debuginfo-1.8.5-19.el5_6.1.x86_64.rpm ruby-devel-1.8.5-19.el5_6.1.i386.rpm ruby-devel-1.8.5-19.el5_6.1.x86_64.rpm ruby-docs-1.8.5-19.el5_6.1.x86_64.rpm ruby-irb-1.8.5-19.el5_6.1.x86_64.rpm ruby-libs-1.8.5-19.el5_6.1.i386.rpm ruby-libs-1.8.5-19.el5_6.1.x86_64.rpm ruby-mode-1.8.5-19.el5_6.1.x86_64.rpm ruby-rdoc-1.8.5-19.el5_6.1.x86_64.rpm ruby-ri-1.8.5-19.el5_6.1.x86_64.rpm ruby-tcltk-1.8.5-19.el5_6.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2009-4492.html https://www.redhat.com/security/data/cve/CVE-2010-0541.html https://www.redhat.com/security/data/cve/CVE-2011-0188.html https://www.redhat.com/security/data/cve/CVE-2011-1004.html https://www.redhat.com/security/data/cve/CVE-2011-1005.html https://access.redhat.com/security/updates/classification/#moderate http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/ http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/ http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/ http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOChE2XlSAg2UNWIIRApbvAJ9jyCr3ab4eoWGmH/Lr1D9fbqlPbQCfSmOh k7GfQmHQju444Nztk6ar944= =VbL1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Ruby: Denial of Service Date: December 13, 2014 Bugs: #355439, #369141, #396301, #437366, #442580, #458776, #492282, #527084, #529216 ID: 201412-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Ruby, allowing context-dependent attackers to cause a Denial of Service condition. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Ruby 1.9 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.9.3_p551" All Ruby 2.0 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ruby-2.0.0_p598" References ========== [ 1 ] CVE-2011-0188 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0188 [ 2 ] CVE-2011-1004 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004 [ 3 ] CVE-2011-1005 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005 [ 4 ] CVE-2011-4815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4815 [ 5 ] CVE-2012-4481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4481 [ 6 ] CVE-2012-5371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5371 [ 7 ] CVE-2013-0269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0269 [ 8 ] CVE-2013-1821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1821 [ 9 ] CVE-2013-4164 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4164 [ 10 ] CVE-2014-8080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8080 [ 11 ] CVE-2014-8090 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8090 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-27.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- http://twitter.com/secunia http://www.facebook.com/Secunia ---------------------------------------------------------------------- TITLE: Ruby BigDecimal Integer Truncation Vulnerability SECUNIA ADVISORY ID: SA44638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44638 RELEASE DATE: 2011-05-25 DISCUSS ADVISORY: http://secunia.com/advisories/44638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an integer truncation vulnerability within the "VpMemAlloc()" function in ext/bigdecimal/bigdecimal.c, which can be exploited to e.g. cause a memory corruption. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Drew Yao, Apple Product Security ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=682332 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2011-0188 // JVNDB: JVNDB-2011-001413 // BID: 46966 // VULHUB: VHN-48133 // PACKETSTORM: 101616 // PACKETSTORM: 101615 // PACKETSTORM: 102622 // PACKETSTORM: 129551 // PACKETSTORM: 102620 // PACKETSTORM: 101648

AFFECTED PRODUCTS

vendor:ruby langmodel:rubyscope:lteversion:1.9.2-p136

Trust: 1.8

vendor:ruby langmodel:rubyscope:eqversion:1.9.0-20070709

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.0-2

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.2

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.1

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.0-1

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.0-20060415

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.0

Trust: 1.6

vendor:ruby langmodel:rubyscope:eqversion:1.9.0-0

Trust: 1.0

vendor:ruby langmodel:rubyscope:eqversion:1.9

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6 to v10.6.6

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6 to v10.6.6

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:3 (x86-64)

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0

Trust: 0.8

vendor:cybertrustmodel:asianux serverscope:eqversion:4.0 (x86-64)

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.8

vendor:red hatmodel:enterprise linux server eusscope:eqversion:6.1.z

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.8

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.9-1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:redmodel:hat enterprise linux eus 5.6.z serverscope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p302scope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p383scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.6

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.9.0-3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -rc1scope:eqversion:1.9.2

Trust: 0.3

vendor:redmodel:hat enterprise linux long life serverscope:eqversion:5.6

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.6.8

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby p180scope:eqversion:1.9.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.2

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p376scope:eqversion:1.9.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby pre4scope:eqversion:1.8.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p173scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.4

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p368scope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby pre3scope:eqversion:1.8.2

Trust: 0.3

vendor:redmodel:hat enterprise linux as 4.8.zscope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p334scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.9.1

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p71scope:eqversion:1.8.7

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p299scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.5

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p72scope:eqversion:1.8.7

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p330scope: - version: -

Trust: 0.3

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.6

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.3

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby p0scope:eqversion:1.9.2

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.6.7

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p429scope:eqversion:1.9.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p249scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.3

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.9.1-p430scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p229scope:eqversion:1.8.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p115scope:eqversion:1.8.5

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p286scope:eqversion:1.8.6

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p230scope:eqversion:1.8.5

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p399scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p22scope:eqversion:1.8.7

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p388scope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p230scope:eqversion:1.8.6

Trust: 0.3

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p369scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p114scope:eqversion:1.8.6

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.9

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.4

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p248scope: - version: -

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby p136scope:eqversion:1.9.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p2scope:eqversion:1.8.5

Trust: 0.3

vendor:redmodel:hat enterprise linux server eus 6.1.zscope: - version: -

Trust: 0.3

vendor:avayamodel:aura system manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p287scope:eqversion:1.8.6

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.9-2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.7-p160scope: - version: -

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:avayamodel:aura system managerscope:eqversion:6.1.1

Trust: 0.3

vendor:redhatmodel:enterprise linux es 4.8.zscope: - version: -

Trust: 0.3

vendor:avayamodel:aura system manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:1.8.7

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby pre2scope:eqversion:1.8.2

Trust: 0.3

vendor:redmodel:hat desktop workstationscope:eqversion:5

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.8.6-p420scope: - version: -

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby pre3scope:eqversion:1.9.2

Trust: 0.3

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby rc2scope:eqversion:1.9.2

Trust: 0.3

vendor:yukihiromodel:matsumoto rubyscope:eqversion:0

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby p431scope:eqversion:1.9.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p231scope:eqversion:1.8.5

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:redmodel:hat enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.6.7

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby -p21scope:eqversion:1.8.7

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby 1.9.1-p378scope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

vendor:yukihiromodel:matsumoto ruby pre1scope:eqversion:1.8.2

Trust: 0.3

sources: BID: 46966 // CNNVD: CNNVD-201103-298 // JVNDB: JVNDB-2011-001413 // NVD: CVE-2011-0188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0188
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-0188
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201103-298
value: MEDIUM

Trust: 0.6

VULHUB: VHN-48133
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-0188
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-48133
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48133 // CNNVD: CNNVD-201103-298 // JVNDB: JVNDB-2011-001413 // NVD: CVE-2011-0188

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-48133 // JVNDB: JVNDB-2011-001413 // NVD: CVE-2011-0188

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 101616 // PACKETSTORM: 102620 // CNNVD: CNNVD-201103-298

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201103-298

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001413

PATCH
title:HT4581url:http://support.apple.com/kb/HT4581
Trust: 0.8
title:HT4581url:http://support.apple.com/kb/HT4581?viewlocale=ja_JP
Trust: 0.8
title:ruby-1.8.5-19.1.0.1.AXS3url:https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1463
Trust: 0.8
title:2225url:https://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2225
Trust: 0.8
title:RHSA-2011:0910url:https://rhn.redhat.com/errata/RHSA-2011-0910.html
Trust: 0.8
title:Ruby 1.9.2-p136リリースurl:http://www.ruby-lang.org/ja/news/2010/12/25/ruby-1-9-2-p136-is-released
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2011-001413

EXTERNAL IDS
db:NVDid:CVE-2011-0188
Trust: 3.3
db:SECTRACKid:1025236
Trust: 1.9
db:BIDid:46966
Trust: 1.2
db:SECUNIAid:44638
Trust: 0.9
db:JVNDBid:JVNDB-2011-001413
Trust: 0.8
db:CNNVDid:CNNVD-201103-298
Trust: 0.7
db:NSFOCUSid:16613
Trust: 0.6
db:NSFOCUSid:16871
Trust: 0.6
db:SECUNIAid:43814
Trust: 0.6
db:APPLEid:APPLE-SA-2011-03-21-1
Trust: 0.6
db:PACKETSTORMid:129551
Trust: 0.2
db:PACKETSTORMid:102628
Trust: 0.1
db:VULHUBid:VHN-48133
Trust: 0.1
db:PACKETSTORMid:101616
Trust: 0.1
db:PACKETSTORMid:101615
Trust: 0.1
db:PACKETSTORMid:102622
Trust: 0.1
db:PACKETSTORMid:102620
Trust: 0.1
db:PACKETSTORMid:101648
Trust: 0.1
sources:
            
            
            VULHUB: VHN-48133 // 
            
            
            
            BID: 46966 // 
            
            
            
            PACKETSTORM: 101616 // 
            
            
            
            PACKETSTORM: 101615 // 
            
            
            
            PACKETSTORM: 102622 // 
            
            
            
            PACKETSTORM: 129551 // 
            
            
            
            PACKETSTORM: 102620 // 
            
            
            
            PACKETSTORM: 101648 // 
            
            
            
            CNNVD: CNNVD-201103-298 // 
            
            
            
            JVNDB: JVNDB-2011-001413 // 
            
            
            
            NVD: CVE-2011-0188

REFERENCES
url:http://www.securitytracker.com/id?1025236
Trust: 1.9
url:https://bugzilla.redhat.com/show_bug.cgi?id=682332
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2011/mar/msg00006.html
Trust: 1.7
url:http://support.apple.com/kb/ht4581
Trust: 1.7
url:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&r2=30993
Trust: 1.6
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:097
Trust: 1.1
url:http://www.mandriva.com/security/advisories?name=mdvsa-2011:098
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2011-0908.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2011-0909.html
Trust: 1.1
url:http://www.redhat.com/support/errata/rhsa-2011-0910.html
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0188
Trust: 1.0
url:http://jvn.jp/cert/jvnvu636925
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0188
Trust: 0.8
url:http://secunia.com/advisories/44638
Trust: 0.8
url:http://www.securityfocus.com/bid/46966
Trust: 0.8
url:http://secunia.com/advisories/43814
Trust: 0.6
url:http://www.nsfocus.net/vulndb/16613
Trust: 0.6
url:http://www.nsfocus.net/vulndb/16871
Trust: 0.6
url:https://nvd.nist.gov/vuln/detail/cve-2011-0188
Trust: 0.5
url:https://nvd.nist.gov/vuln/detail/cve-2011-1005
Trust: 0.5
url:http://rhn.redhat.com/errata/rhsa-2011-0908.html
Trust: 0.4
url:http://rhn.redhat.com/errata/rhsa-2011-0909.html
Trust: 0.4
url:https://nvd.nist.gov/vuln/detail/cve-2010-0541
Trust: 0.4
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?annotate=30993&diff_format=h
Trust: 0.3
url:http://www.ruby-lang.org
Trust: 0.3
url:http://support.avaya.com/css/p8/documents/100144502
Trust: 0.3
url:http://rhn.redhat.com/errata/rhsa-2011-0910.html
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2011-1004
Trust: 0.3
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0541
Trust: 0.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1005
Trust: 0.2
url:http://www.mandriva.com/security/
Trust: 0.2
url:http://secunia.com/
Trust: 0.2
url:http://www.mandriva.com/security/advisories
Trust: 0.2
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2010-0541.html
Trust: 0.2
url:https://access.redhat.com/kb/docs/doc-11259
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2011-1005.html
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2011-0188.html
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2009-4492
Trust: 0.2
url:https://access.redhat.com/security/team/contact/
Trust: 0.2
url:http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
Trust: 0.2
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.2
url:https://www.redhat.com/security/data/cve/cve-2009-4492.html
Trust: 0.2
url:https://access.redhat.com/security/updates/classification/#moderate
Trust: 0.2
url:http://www.ruby-lang.org/en/news/2010/01/10/webrick-escape-sequence-injection/
Trust: 0.2
url:https://access.redhat.com/security/team/key/#package
Trust: 0.2
url:http://bugzilla.redhat.com/):
Trust: 0.2
url:http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/
Trust: 0.2
url:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/ext/bigdecimal/bigdecimal.c?r1=29364&amp;r2=30993
Trust: 0.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1004
Trust: 0.1
url:http://store.mandriva.com/product_info.php?cpath=149&amp;products_id=490
Trust: 0.1
url:http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
Trust: 0.1
url:https://www.redhat.com/security/data/cve/cve-2011-1004.html
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4815
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5371
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1005
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0269
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1821
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8080
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-8080
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0188
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0269
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-5371
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-4164
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-8090
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1004
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4164
Trust: 0.1
url:http://security.gentoo.org/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4481
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2011-4815
Trust: 0.1
url:http://security.gentoo.org/glsa/glsa-201412-27.xml
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-8090
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-1821
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4481
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44638
Trust: 0.1
url:http://twitter.com/secunia
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://www.facebook.com/secunia
Trust: 0.1
url:http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/44638/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/44638/#comments
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-48133 // 
            
            
            
            BID: 46966 // 
            
            
            
            PACKETSTORM: 101616 // 
            
            
            
            PACKETSTORM: 101615 // 
            
            
            
            PACKETSTORM: 102622 // 
            
            
            
            PACKETSTORM: 129551 // 
            
            
            
            PACKETSTORM: 102620 // 
            
            
            
            PACKETSTORM: 101648 // 
            
            
            
            CNNVD: CNNVD-201103-298 // 
            
            
            
            JVNDB: JVNDB-2011-001413 // 
            
            
            
            NVD: CVE-2011-0188

CREDITS
Drew Yao
Trust: 0.3
sources:
            
            
            BID: 46966

SOURCES
db:VULHUBid:VHN-48133
db:BIDid:46966
db:PACKETSTORMid:101616
db:PACKETSTORMid:101615
db:PACKETSTORMid:102622
db:PACKETSTORMid:129551
db:PACKETSTORMid:102620
db:PACKETSTORMid:101648
db:CNNVDid:CNNVD-201103-298
db:JVNDBid:JVNDB-2011-001413
db:NVDid:CVE-2011-0188

LAST UPDATE DATE
2025-10-12T22:24:09.494000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-48133date:2011-08-24T00:00:00
db:BIDid:46966date:2015-03-19T08:18:00
db:CNNVDid:CNNVD-201103-298date:2021-07-12T00:00:00
db:JVNDBid:JVNDB-2011-001413date:2011-07-28T00:00:00
db:NVDid:CVE-2011-0188date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-48133date:2011-03-23T00:00:00
db:BIDid:46966date:2011-03-21T00:00:00
db:PACKETSTORMid:101616date:2011-05-23T14:35:38
db:PACKETSTORMid:101615date:2011-05-23T14:34:42
db:PACKETSTORMid:102622date:2011-06-28T19:16:10
db:PACKETSTORMid:129551date:2014-12-15T19:58:46
db:PACKETSTORMid:102620date:2011-06-28T19:11:19
db:PACKETSTORMid:101648date:2011-05-24T05:21:29
db:CNNVDid:CNNVD-201103-298date:2011-03-24T00:00:00
db:JVNDBid:JVNDB-2011-001413date:2011-04-25T00:00:00
db:NVDid:CVE-2011-0188date:2011-03-23T02:00:06.110