Summary
The host has the Ruby interpreter installed and is prone to a heap overflow vulnerability.
Impact
Successful exploitation will allow a remote attacker to cause a denial of service or potentially execute arbitrary code.
Impact Level: System/Application.
Solution
Upgrade to version 1.9.3 patchlevel 484, 2.0.0 patchlevel 353, or later.
For updates refer to http://www.ruby-lang.org
Insight
The flaw is due to improper sanitization of user-supplied input during the conversion of strings to floating point values.
Affected
Ruby Interpreter version 1.8, 1.9 before 1.9.3 Patchlevel 484, 2.0 before 2.0.0 Patchlevel 353.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
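One way to implement the version check described above, as an added example (not the NVT's own code). The helper names are hypothetical and the sample banners are constructed; versions outside the ranges this page lists are reported as unknown or not affected rather than guessed.

```ruby
# Fixed patchlevel per release line, taken from the Solution section.
FIXED_PATCHLEVEL = { [1, 9, 3] => 484, [2, 0, 0] => 353 }.freeze

# Parse a `ruby -v` banner into [[major, minor, teeny], patchlevel].
# Handles "1.9.3p448" and the 1.8-style "(... patchlevel 358)" form.
# patchlevel is nil when the banner carries none; returns nil if unparseable.
def parse_ruby_banner(banner)
  text = banner.to_s.strip
  m = /\Aruby (\d+)\.(\d+)\.(\d+)(?:p(\d+))?/.match(text)
  return nil unless m
  patch = m[4] || text[/\bpatchlevel (\d+)/, 1]
  [[m[1].to_i, m[2].to_i, m[3].to_i], patch && patch.to_i]
end

# Returns :affected, :not_affected or :unknown for CVE-2013-4164,
# using only the version ranges stated in the Affected section.
def cve_2013_4164_status(banner)
  version, patch = parse_ruby_banner(banner)
  return :unknown if version.nil?
  if (fixed = FIXED_PATCHLEVEL[version])
    return :unknown if patch.nil? # cannot decide without a patchlevel
    return patch >= fixed ? :not_affected : :affected
  end
  return :unknown if (version <=> [1, 8, 0]) < 0  # older than the listed range
  return :affected if (version <=> [2, 0, 0]) < 0 # 1.8.x and 1.9.x other than 1.9.3
  :not_affected                                   # later than 2.0.0
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample banners (dates and revisions are illustrative).
  [
    "ruby 1.9.3p448 (2013-06-27 revision 41675) [x86_64-linux]",
    "ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]",
    "ruby 2.0.0p247 (2013-06-27 revision 41674) [x86_64-darwin12]",
    "ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]",
    "ruby 2.0.0dev (2012-12-01 trunk 38000) [x86_64-linux]"
  ].each { |b| puts "#{cve_2013_4164_status(b)}\t#{b}" }
end
```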
References
Severity
Classification
CVE: CVE-2013-4164
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P