Published:2006/07/11 Last Updated:2008/05/21
JVN#83768862
Ruby vulnerability caused by a problem with the alias funtion so that safe level 4 does not function as a sandbox
Overview
Safe levels exist as a part of the Ruby language security model, in order to limit the operation of untrusted objects. Ruby contains a vulnerability which may allow an attacker to bypass the safe level restrictions and execute normally inaccessible methods, due to a problem in Ruby's alias function.
Products Affected
- Ruby 1.8.4-20060328 and earlier Snapshot versions
Description
Impact
An attacker could force programs to crash.
Solution
Vendor Status
| Vendor | Link |
| Ruby |
http://www.ruby-lang.org/ja/ |
References
JPCERT/CC Addendum
Credit
Akira Tanaka of National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000858 |