Published: 2011/01/18 Last Updated: 2011/01/18
JVN#30414126
Ruby Version Manager escape sequence injection vulnerability
Overview
Ruby Version Manager contains an escape sequence injection vulnerability.
Products Affected
- Ruby Version Manager prior to 1.2.1
Description
Ruby Version Manager is a command line tool for managing multiple Ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability.
Impact
A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escape sequence.
Solution
Update the software
Update to the latest version according to the information provided by the developer.
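For tools that print untrusted file content to a terminal, the general defence against this class of issue is to render control characters in a visible, inert form before output. The following is an added example, not code from Ruby Version Manager and not its actual fix; the function name `sanitize_for_terminal` and the sample input are constructed for illustration.

```ruby
# Added example: neutralise terminal control characters in untrusted text
# before it is written to a terminal. Names and sample data are constructed.

# Characters a terminal may act on: C0 controls (newline and tab are kept),
# DEL, and C1 controls (U+0080-U+009F, which include the 8-bit CSI U+009B).
UNSAFE_FOR_TERMINAL = /[\u0000-\u0008\u000B-\u001F\u007F\u0080-\u009F]/

# Returns a copy of +raw+ in which every control character and every byte
# that is not valid UTF-8 is replaced by a printable \xNN marker.
def sanitize_for_terminal(raw)
  text = raw.dup.force_encoding(Encoding::UTF_8)

  # Invalid byte sequences become visible markers instead of reaching the
  # terminal as raw bytes (some terminals treat 0x9B as CSI).
  text = text.scrub do |bad|
    bad.bytes.map { |b| format('\\x%02X', b) }.join
  end

  text.gsub(UNSAFE_FOR_TERMINAL) { |ch| format('\\x%02X', ch.ord) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a line of file content carrying a clear-screen
  # sequence and a window-title sequence.
  sample = "ruby-1.9.2\e[2J\e]0;title\a\n"
  print sanitize_for_terminal(sample)
end
```

Carriage return is escaped as well, since it lets later text overwrite what was already displayed on the same line.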
Vendor Status
Vendor | Link |
---|---|
Ruby Version Manager (RVM) | Ruby Version Manager (RVM) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2011.01.18
Measures | Conditions | Severity |
---|---|---|
Access Required | can be attacked over the Internet using packets | |
Authentication | anonymous or no authentication (IP addresses do not count) | |
User Interaction Required | the user must be convinced to take a standard action that does not feel harmful to most users, such as click on a link or view a file | |
Exploit Complexity | expertise and/or luck required (guessing correctly in medium-sized space, kernel expertise) | |
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | CVE-2010-3928 |
JVN iPedia | JVNDB-2011-000005 |