CVE-2005-1992

Published: Jun 20, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.

Affected (1)

Products: Yukihiro Matsumoto: Ruby

Yukihiro Matsumoto

1 product

Ruby

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yukihiro Matsumoto Ruby	Version 1.8

References (26)

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237

Source: secalert@redhat.com

Patch

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315064

Source: secalert@redhat.com

http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html

Source: secalert@redhat.com

http://secunia.com/advisories/16920/

Source: secalert@redhat.com

http://www.auscert.org.au/5509

Source: secalert@redhat.com

http://www.ciac.org/ciac/bulletins/p-312.shtml

Source: secalert@redhat.com

http://www.debian.org/security/2005/dsa-748

Source: secalert@redhat.com

http://www.kb.cert.org/vuls/id/684913

Source: secalert@redhat.com

US Government Resource

http://www.novell.com/linux/security/advisories/2005_18_sr.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2005-543.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/14016

Source: secalert@redhat.com

http://www2.ruby-lang.org/en/20050701.html

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10819

Source: secalert@redhat.com

http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/5237