CVE-2008-2726

EUVD-2008-2719

24.06.2008, 19:41

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue.  NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Affected Products (NVD)

Vendor	Product	Version
ruby-lang	ruby	𝑥 ≤ 1.8.4
ruby-lang	ruby	1.8.5 ≤ 𝑥 < 1.8.5.231
ruby-lang	ruby	1.8.6 ≤ 𝑥 < 1.8.6.230
ruby-lang	ruby	1.8.7 ≤ 𝑥 < 1.8.7.22
ruby-lang	ruby	1.9.0 ≤ 𝑥 < 1.9.0.2
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.04
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

ruby1.8

dapper	Fixed 1.8.4-1ubuntu1.5 released
feisty	Fixed 1.8.5-4ubuntu2.2 released
gutsy	Fixed 1.8.6.36-1ubuntu3.2 released
hardy	Fixed 1.8.6.111-2ubuntu1.1 released
intrepid	not-affected
jaunty	not-affected
karmic	not-affected
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	not-affected

ruby1.9

dapper	ignored
feisty	ignored
gutsy	ignored
hardy	ignored
intrepid	Fixed 1.9.0.2-1ubuntu1 released
jaunty	Fixed 1.9.0.2-1ubuntu1 released
karmic	Fixed 1.9.0.2-1ubuntu1 released
lucid	Fixed 1.9.0.2-1ubuntu1 released
maverick	dne
natty	dne
oneiric	dne

Common Weakness Enumeration

CWE-189 -

References

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

https://exchange.xforce.ibmcloud.com/vulnerabilities/43351

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html

http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/

http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html

http://secunia.com/advisories/30802

http://secunia.com/advisories/30831

http://secunia.com/advisories/30867

http://secunia.com/advisories/30875

http://secunia.com/advisories/30894

http://secunia.com/advisories/31062

http://secunia.com/advisories/31090

http://secunia.com/advisories/31181

http://secunia.com/advisories/31256

http://secunia.com/advisories/31687

http://secunia.com/advisories/33178

http://security.gentoo.org/glsa/glsa-200812-17.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562

http://support.apple.com/kb/HT2163

http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460

http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206

http://www.debian.org/security/2008/dsa-1612

http://www.debian.org/security/2008/dsa-1618

http://www.mandriva.com/security/advisories?name=MDVSA-2008:140

http://www.mandriva.com/security/advisories?name=MDVSA-2008:141

http://www.mandriva.com/security/advisories?name=MDVSA-2008:142

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/

http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html

http://www.redhat.com/support/errata/RHSA-2008-0561.html

http://www.ruby-forum.com/topic/157034

http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html

http://www.securityfocus.com/archive/1/493688/100/0/threaded

http://www.securityfocus.com/bid/29903

http://www.securitytracker.com/id?1020347

http://www.ubuntu.com/usn/usn-621-1

http://www.vupen.com/english/advisories/2008/1907/references

http://www.vupen.com/english/advisories/2008/1981/references

http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html

https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657

https://exchange.xforce.ibmcloud.com/vulnerabilities/43351

https://issues.rpath.com/browse/RPL-2626

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959

https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html