|
|
Subscribe / Log in / New account

ruby: bypass object flags

Package(s):ruby1.8 CVE #(s):CAN-2005-2337
Created:October 10, 2005 Updated:October 21, 2005
Description: The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploited to execute Ruby code beyond the restrictions specified in each safe level.
Alerts:
Mandriva MDKSA-2005:191 ruby 2005-10-20
Debian DSA-864-1 ruby1.8 2005-10-13
Red Hat RHSA-2005:799-01 ruby 2005-10-11
Debian DSA-862-1 ruby1.8 2005-10-11
Debian DSA-860-1 ruby 2005-10-11
Ubuntu USN-195-1 ruby1.8 2005-10-10
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds