CVE-2008-2725

24.06.2008, 19:41

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption via unspecified vectors, aka the "REALLOC_N" variant, a different issue than CVE-2008-2662, CVE-2008-2663, and CVE-2008-2664.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 79%

Vendor	Product	Version
ruby-lang	ruby	𝑥 ≤ 1.8.4
ruby-lang	ruby	1.8.5 ≤ 𝑥 < 1.8.5.231
ruby-lang	ruby	1.8.6 ≤ 𝑥 < 1.8.6.230
ruby-lang	ruby	1.8.7 ≤ 𝑥 < 1.8.7.22
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

oneiric	not-affected
natty	not-affected
maverick	not-affected
lucid	not-affected
karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 1.8.6.111-2ubuntu1.1 released
gutsy	Fixed 1.8.6.36-1ubuntu3.2 released
feisty	Fixed 1.8.5-4ubuntu2.2 released
dapper	Fixed 1.8.4-1ubuntu1.5 released

ruby1.9

oneiric	dne
natty	dne
maverick	dne
lucid	Fixed 1.9.0.2-1ubuntu1 released
karmic	Fixed 1.9.0.2-1ubuntu1 released
jaunty	Fixed 1.9.0.2-1ubuntu1 released
intrepid	Fixed 1.9.0.2-1ubuntu1 released
hardy	ignored
gutsy	ignored
feisty	ignored
dapper	ignored

Common Weakness Enumeration

CWE-189 -

References

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727

https://exchange.xforce.ibmcloud.com/vulnerabilities/43350

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2727

https://exchange.xforce.ibmcloud.com/vulnerabilities/43350

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9606

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html