CVE-2005-2337
Published: 2005-10-07
Priority: P4 31 high
CVSS 2.0: 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 3.26% (86.8th percentile)
Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).
Affected
12 ranges, all for the same vendor and product (version bounds and fixed-in versions are empty in this record)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yukihiro_matsumoto | ruby | — | — |
CVSS provenance
nvd (v2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat: 7.5 HIGH
Ubuntu advisory (vendor_ubuntu, 2005-10-10): Ruby vulnerability
The object oriented scripting language Ruby supports safely executing
untrusted code with two mechanisms: safe level and taint flag on
objects. Dr. Yutaka Oiwa discovered a vulnerability that allows
Ruby methods to bypass these mechanisms. In systems which use this
feature, this could be exploited to execute Ruby code beyond the
restrictions specified in each safe level.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu advisory (vendor_ubuntu, 2005-10-10): Xine library vulnerability
Ulf Harnhammar discovered a format string vulnerability in the CDDB
module's cache file handling in the Xine library, which is
used by packages such as xine-ui, totem-xine, and gxine.
By tricking a user into playing a particular audio CD which has a
specially-crafted CDDB entry, a remote attacker could exploit this
vulnerability to execute arbitrary code with the privileges of the
user running the application. Since CDDB servers usually allow anybody
to add and modify information, this exploit does not even require a
particular CDDB server to be selected.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat (vendor_redhat, 2005-09-23): security flaw, CVSS 7.5 [HIGH]
Description identical to the NVD text above.
GHSA (ghsa_unreviewed, 2022-05-01): GHSA-w8mr-4m5w-x8wv: Ruby 1 [HIGH]
Description identical to the NVD text above.
No detection rules found.
No public exploits indexed.
References
- http://jvn.jp/jp/JVN%2362914675/index.html
- http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
- http://secunia.com/advisories/16904
- http://secunia.com/advisories/17094
- http://secunia.com/advisories/17098
- http://secunia.com/advisories/17129
- http://secunia.com/advisories/17147
- http://secunia.com/advisories/17285
- http://secunia.com/advisories/19130
- http://secunia.com/advisories/20077
- http://securityreason.com/securityalert/59
- http://www.debian.org/security/2005/dsa-860
- http://www.debian.org/security/2005/dsa-862
- http://www.debian.org/security/2005/dsa-864
- http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml
- http://www.kb.cert.org/vuls/id/160012
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:191
- http://www.novell.com/linux/security/advisories/2006_05_sr.html
- http://www.redhat.com/support/errata/RHSA-2005-799.html
- http://www.ruby-lang.org/en/20051003.html
- http://www.securityfocus.com/bid/14909
- http://www.securityfocus.com/bid/17951
- http://www.securitytracker.com/alerts/2005/Sep/1014948.html
- http://www.ubuntu.com/usn/usn-195-1
- http://www.us-cert.gov/cas/techalerts/TA06-132A.html
- http://www.vupen.com/english/advisories/2006/1779
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22360
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564