Ruby includes a vulnerable default value that may be used to bypass security restrictions and execute arbitrary code.
Ruby is vulnerable to an attack on applications using the XML-RPC services via XMLRPC.iPIMethods, due to an insecure default value in utils.rb. Any program or application using the XML-RPC services provided by XMLRPC.iPIMethods may be affected. Due to the vulnerability occurring in code that is typically used to provide remote services, this may allow a remote attacker to execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply an update
Please see the Ruby XMLRPC.iPIMethods Vulnerability note for more information, or contact your vendor for an update.
Thanks to Nobuhiro IMAI for reporting this vulnerability.
This document was written by Ken MacInnis.
|Date First Published:||2005-10-03|
|Date Last Updated:||2005-10-18 14:44 UTC|