Vulnerability Note VU#684913
Ruby library contains vulnerable default value
Ruby includes a vulnerable default value that may be used to bypass security restrictions and execute arbitrary code.
Ruby is vulnerable to an attack on applications using the XML-RPC services via XMLRPC.iPIMethods, due to an insecure default value in utils.rb. Any program or application using the XML-RPC services provided by XMLRPC.iPIMethods may be affected. Due to the vulnerability occurring in code that is typically used to provide remote services, this may allow a remote attacker to execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply an update
Please see the Ruby XMLRPC.iPIMethods Vulnerability note for more information, or contact your vendor for an update.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Red Hat, Inc.||Affected||-||18 Oct 2005|
|Ruby||Affected||-||03 Oct 2005|
CVSS Metrics (Learn More)
Thanks to Nobuhiro IMAI for reporting this vulnerability.
This document was written by Ken MacInnis.
- CVE IDs: CAN-2005-1992
- Date Public: 20 Jun 2005
- Date First Published: 03 Oct 2005
- Date Last Updated: 18 Oct 2005
- Severity Metric: 9.11
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.