CVE-2008-2726

Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/	Third Party Advisory
http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities	Third Party Advisory
http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/	Third Party Advisory
http://www.ruby-forum.com/topic/157034	Third Party Advisory
http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html	Third Party Advisory
http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html	Broken Link
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460	Vendor Advisory
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/	Patch Vendor Advisory
http://www.securityfocus.com/bid/29903	Third Party Advisory VDB Entry
http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html	Third Party Advisory
http://www.debian.org/security/2008/dsa-1612	Third Party Advisory
http://secunia.com/advisories/31256	Third Party Advisory
http://www.debian.org/security/2008/dsa-1618	Third Party Advisory
http://support.apple.com/kb/HT2163	Third Party Advisory
http://secunia.com/advisories/31181	Third Party Advisory
http://secunia.com/advisories/30802	Third Party Advisory
http://secunia.com/advisories/31090	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0561.html	Third Party Advisory
http://secunia.com/advisories/31062	Third Party Advisory
http://www.securitytracker.com/id?1020347	Third Party Advisory VDB Entry
https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html	Third Party Advisory
http://secunia.com/advisories/30831	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html	Third Party Advisory
http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html	Mailing List Third Party Advisory
http://secunia.com/advisories/31687	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:141	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:140	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:142	Third Party Advisory
https://issues.rpath.com/browse/RPL-2626	Broken Link
http://secunia.com/advisories/30875	Third Party Advisory
http://secunia.com/advisories/30867	Third Party Advisory
http://www.ubuntu.com/usn/usn-621-1	Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206	Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562	Third Party Advisory
http://secunia.com/advisories/30894	Third Party Advisory
http://secunia.com/advisories/33178	Third Party Advisory
http://security.gentoo.org/glsa/glsa-200812-17.xml	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1907/references	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1981/references	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/43351	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959	Third Party Advisory
http://www.securityfocus.com/archive/1/493688/100/0/threaded	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::
	cpe:2.3:a:ruby-lang:ruby::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::

Information

Published : 2008-06-24 12:41

Updated : 2018-11-01 08:07

NVD link : CVE-2008-2726

Mitre link : CVE-2008-2726

JSON object : View

CWE

CWE-189

Numeric Errors

Products Affected

debian

debian_linux

canonical

ubuntu_linux

ruby-lang

ruby

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "name": "http://blog.phusion.nl/2008/06/23/ruby-186-p230187-broke-your-app-ruby-enterprise-edition-to-the-rescue/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "name": "http://weblog.rubyonrails.org/2008/6/21/multiple-ruby-security-vulnerabilities", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "name": "http://www.matasano.com/log/1070/updates-on-drew-yaos-terrible-ruby-vulnerabilities/", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.ruby-forum.com/topic/157034", "name": "http://www.ruby-forum.com/topic/157034", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "name": "http://www.rubyinside.com/june-2008-ruby-security-vulnerabilities-927.html", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "name": "http://www.zedshaw.com/rants/the_big_ruby_vulnerabilities.html", "tags": ["Broken Link"], "refsource": "MISC"}, {"url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=17460", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "name": "http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/29903", "name": "29903", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.redhat.com/archives/fedora-security-commits/2008-June/msg00005.html", "name": "[fedora-security-commits] 20080620 fedora-security/audit f10, 1.7, 1.8 f8, 1.225, 1.226 f9, 1.215, 1.216", "tags": ["Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.debian.org/security/2008/dsa-1612", "name": "DSA-1612", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/31256", "name": "31256", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2008/dsa-1618", "name": "DSA-1618", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://support.apple.com/kb/HT2163", "name": "http://support.apple.com/kb/HT2163", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/31181", "name": "31181", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/30802", "name": "30802", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/31090", "name": "31090", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0561.html", "name": "RHSA-2008:0561", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/31062", "name": "31062", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1020347", "name": "1020347", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", "name": "https://bugs.launchpad.net/ubuntu/+source/ruby1.8/+bug/241657", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00937.html", "name": "FEDORA-2008-5649", "tags": ["Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://secunia.com/advisories/30831", "name": "30831", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html", "name": "SUSE-SR:2008:017", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html", "name": "APPLE-SA-2008-06-30", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/31687", "name": "31687", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:141", "name": "MDVSA-2008:141", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:140", "name": "MDVSA-2008:140", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:142", "name": "MDVSA-2008:142", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "https://issues.rpath.com/browse/RPL-2626", "name": "https://issues.rpath.com/browse/RPL-2626", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/30875", "name": "30875", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/30867", "name": "30867", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-621-1", "name": "USN-621-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0206", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "name": "SSA:2008-179-01", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://secunia.com/advisories/30894", "name": "30894", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33178", "name": "33178", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://security.gentoo.org/glsa/glsa-200812-17.xml", "name": "GLSA-200812-17", "tags": ["Third Party Advisory"], "refsource": "GENTOO"}, {"url": "http://www.vupen.com/english/advisories/2008/1907/references", "name": "ADV-2008-1907", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2008/1981/references", "name": "ADV-2008-1981", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43351", "name": "ruby-rbarysplice-begrlen-code-execution(43351)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9959", "name": "oval:org.mitre.oval:def:9959", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/493688/100/0/threaded", "name": "20080626 rPSA-2008-0206-1 ruby", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2; and (2) the rb_ary_replace function in 1.6.x allows context-dependent attackers to trigger memory corruption, aka the \"beg + rlen\" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-189"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-2726", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2008-06-24T19:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.8.5.231", "versionStartIncluding": "1.8.5"}, {"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.8.6.230", "versionStartIncluding": "1.8.6"}, {"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.8.7.22", "versionStartIncluding": "1.8.7"}, {"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.9.0.2", "versionStartIncluding": "1.9.0"}, {"cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.8.4"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-11-01T15:07Z"}

7.8 /10