CVE-2009-5147

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2009-5147
DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names.

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/ Vendor Advisory
https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1248935 Issue Tracking Patch Third Party Advisory VDB Entry
http://seclists.org/oss-sec/2015/q3/222 Patch Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/76060 Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0583
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p195:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p645:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p647:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p598:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p643:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p481:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p353:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p594:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p247:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p576:*:*:*:*:*:*
Information

Published : 2017-03-29 07:59

Updated : 2018-03-27 18:29

NVD link : CVE-2009-5147

Mitre link : CVE-2009-5147

JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa
Products Affected

ruby-lang

  • ruby