CVE-2008-2663

24.06.2008, 19:41

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
ruby-lang	ruby	𝑥 ≤ 1.8.4
ruby-lang	ruby	1.8.5 < 𝑥 < 1.8.5.231
ruby-lang	ruby	1.8.6 ≤ 𝑥 < 1.8.6.230
ruby-lang	ruby	1.8.7 ≤ 𝑥 < 1.8.7.22
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1.8.6.111-2ubuntu1.1 released
gutsy	Fixed 1.8.6.36-1ubuntu3.2 released
feisty	Fixed 1.8.5-4ubuntu2.2 released
dapper	Fixed 1.8.4-1ubuntu1.5 released

ruby1.9

oneiric	dne
natty	dne
maverick	dne
lucid	Fixed 1.9.0.2-1ubuntu1 released
karmic	Fixed 1.9.0.2-1ubuntu1 released
jaunty	Fixed 1.9.0.2-1ubuntu1 released
intrepid	Fixed 1.9.0.2-1ubuntu1 released
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Common Weakness Enumeration

CWE-190 - Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

References

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43346

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/43346

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10524

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html