CVE-2008-2662

EUVD-2008-2657

24.06.2008, 19:41

Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
ruby-lang	ruby	𝑥 ≤ 1.8.4
ruby-lang	ruby	1.8.5 < 𝑥 < 1.8.5.231
ruby-lang	ruby	1.8.6 ≤ 𝑥 < 1.8.6.230
ruby-lang	ruby	1.8.7 ≤ 𝑥 < 1.8.7.22
ruby-lang	ruby	1.9.0 ≤ 𝑥 < 1.9.0.2
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

dapper	Fixed 1.8.4-1ubuntu1.5 released
feisty	Fixed 1.8.5-4ubuntu2.2 released
gutsy	Fixed 1.8.6.36-1ubuntu3.2 released
hardy	Fixed 1.8.6.111-2ubuntu1.1 released
intrepid	not-affected
jaunty	not-affected
karmic	not-affected
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	not-affected

ruby1.9

dapper	ignored
feisty	ignored
gutsy	ignored
hardy	ignored
intrepid	Fixed 1.9.0.2-1ubuntu1 released
jaunty	Fixed 1.9.0.2-1ubuntu1 released
karmic	Fixed 1.9.0.2-1ubuntu1 released
lucid	Fixed 1.9.0.2-1ubuntu1 released
maverick	dne
natty	dne
oneiric	dne

Common Weakness Enumeration

CWE-189 -

References

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43345

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43345

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11601

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html