Vulnerability Note VU#160012
Ruby safe-level security model bypass
Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied.
Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: taint flagging and safe levels. Safe levels describe the mode of operation that is allowed on potentially tainted objects. A flaw in eval.c may result in Ruby failing to enforce the safe-level protections. This may result in arbitrary code being executed without the appropriate and intended security mechanisms applied. Specifically, if the program is passed through standard input (stdin), the safe level may be ignored and hence bypassed.
An attacker may be able to run arbitrary code without security checks being applied. An application may be designed in such a manner that this results in remote, unauthenticated arbitrary code execution.
Apply an update
Ruby 1.8.3 is the stable release that addresses this issue. Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the Ruby vulnerability note for the issue.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Red Hat, Inc.||Affected||-||18 Oct 2005|
|Ruby||Affected||-||05 Oct 2005|
CVSS Metrics (Learn More)
Thanks to the Ruby project for reporting this vulnerability, who in turn thank Dr. Yutaka Oiwa, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology for information on the issue.
This document was written by Ken MacInnis.
- CVE IDs: CVE-2005-2337
- Date Public: 23 Sep 2005
- Date First Published: 05 Oct 2005
- Date Last Updated: 16 Dec 2005
- Severity Metric: 2.56
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.