CVE-2012-4466

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=862614
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466/ Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/10/03/9
http://www.openwall.com/lists/oss-security/2012/10/02/4
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294
http://www.mandriva.com/security/advisories?name=MDVSA-2013:124
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p248:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p249:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p357:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p358:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:p0:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p370:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p330:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p334:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p299:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p352:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p301:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p160:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p174:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p173:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p302:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:p72:*:*:*:*:*:*
cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*
Information

Published : 2013-04-25 16:55

Updated : 2014-02-11 20:39

NVD link : CVE-2012-4466

Mitre link : CVE-2012-4466

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

ruby-lang

  • ruby