Vulnerability Description
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yukihiro Matsumoto | Ruby | 1.8 |
References
- http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237Patch
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
- http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html
- http://secunia.com/advisories/16920/
- http://www.auscert.org.au/5509
- http://www.ciac.org/ciac/bulletins/p-312.shtml
- http://www.debian.org/security/2005/dsa-748
- http://www.kb.cert.org/vuls/id/684913US Government Resource
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-543.html
- http://www.securityfocus.com/bid/14016
- http://www2.ruby-lang.org/en/20050701.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237Patch
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064
FAQ
What is CVE-2005-1992?
CVE-2005-1992 is a vulnerability with a CVSS score of 7.5 (HIGH). The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary co...
How severe is CVE-2005-1992?
CVE-2005-1992 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1992?
Check the references section above for vendor advisories and patch information. Affected products include: Yukihiro Matsumoto Ruby.