CVE-2011-1005Incorrect Privilege Assignment in Ruby

CWE-264CWE-266Incorrect Privilege AssignmentCWE-377Insecure Temporary File16 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
2.1%
top 15.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ruby-lang Ruby
Timeline
PublishedMar 2
Latest updateMay 17

Description

The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDruby-lang/ruby5 versions+4

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: www.ruby-lang.org

🔴Vulnerability Details

2
GHSA
GHSA-h2rc-3ppq-6pjg: The safe-level feature in Ruby 12022-05-17
CVEList
CVE-2011-1005: The safe-level feature in Ruby 12011-03-02

💥Exploits & PoCs

1
Exploit-DB
Sphinix Mobile Web Server 3.1.2.47 - Multiple Persistent Cross-Site Scripting Vulnerabilities2012-02-02

📋Vendor Advisories

7
Red Hat
ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects2012-10-05
Red Hat
ruby: safe level bypass via name_err_mesg_to_str()2012-10-02
Red Hat
1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics2012-09-28
Ubuntu
Ruby vulnerabilities2012-09-26
Ubuntu
Ruby vulnerabilities2012-02-28

💬Community

5
Bugzilla
CVE-2012-4481 ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects2012-10-05
Bugzilla
CVE-2012-4466 ruby: safe level bypass via name_err_mesg_to_str()2012-10-03
Bugzilla
ruby: safe level bypass via name_err_mesg_to_str()2012-10-03
Bugzilla
CVE-2012-4464 ruby 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics2012-10-03
Bugzilla
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings2011-02-20
CVE-2011-1005 — Incorrect Privilege Assignment in Ruby | cvebase