Main Vulnerability Database SB2012101107

SB2012101107 - Permissions, Privileges, and Access Controls in ruby (Alpine package)

Published: October 11, 2012

Security Bulletin ID SB2012101107

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-4464)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=45607bc1477202e1308cc8dcb038fe9fc67885b7