Summary
This host has Ruby installed and is prone to a buffer overflow vulnerability.
Impact
Successful exploitation allows local attackers to cause a buffer overflow and execute arbitrary code on the system or cause the application to crash.
Impact Level: Application.
Solution
Upgrade to Ruby version 1.9.1-p429 or later.
For updates refer to http://rubyforge.org/frs/?group_id=167
Insight
The flaw is caused by improper bounds checking when handling filenames on Windows systems. The value assigned to the 'ARGF.inplace_mode' variable is not properly validated.
Affected
Ruby version 1.9.x before 1.9.1-p429 on Windows.
References
Severity
Classification
CVE: CVE-2010-2489
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C