Vulnerability-Lookup

CVE-2008-3655 (GCVE-0-2008-3655)

Vulnerability from cvelistv5 – Published: 2008-08-13 01:00 – Updated: 2024-08-07 09:45

Summary

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/31430	third-party-advisoryx_refsource_SECUNIA
	http://www.securitytracker.com/id?1020656	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/31697	third-party-advisoryx_refsource_SECUNIA
	https://usn.ubuntu.com/651-1/	vendor-advisoryx_refsource_UBUNTU
	http://support.apple.com/kb/HT3549	x_refsource_CONFIRM
	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264	x_refsource_CONFIRM
	http://www.debian.org/security/2008/dsa-1652	vendor-advisoryx_refsource_DEBIAN
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/35074	third-party-advisoryx_refsource_SECUNIA
	http://support.avaya.com/elmodocs2/security/ASA-2…	x_refsource_CONFIRM
	http://www.debian.org/security/2008/dsa-1651	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://www.redhat.com/support/errata/RHSA-2008-08…	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/30644	vdb-entryx_refsource_BID
	http://www.redhat.com/support/errata/RHSA-2008-08…	vendor-advisoryx_refsource_REDHAT
	http://www.ruby-lang.org/en/news/2008/08/08/multi…	x_refsource_CONFIRM
	http://secunia.com/advisories/32219	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	third-party-advisoryx_refsource_CERT
	http://secunia.com/advisories/32255	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1297	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/495884/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/32371	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/32165	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200812-17.xml	vendor-advisoryx_refsource_GENTOO
	http://secunia.com/advisories/33178	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2008/2334	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/32372	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401	x_refsource_CONFIRM
	http://secunia.com/advisories/32256	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:18.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31430",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31430"
          },
          {
            "name": "1020656",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020656"
          },
          {
            "name": "31697",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31697"
          },
          {
            "name": "USN-651-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/651-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
          },
          {
            "name": "DSA-1652",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1652"
          },
          {
            "name": "FEDORA-2008-8736",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11602",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
          },
          {
            "name": "35074",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
          },
          {
            "name": "DSA-1651",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2008/dsa-1651"
          },
          {
            "name": "ruby-safelevel-security-bypass(44369)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "RHSA-2008:0895",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
          },
          {
            "name": "30644",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30644"
          },
          {
            "name": "RHSA-2008:0897",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
          },
          {
            "name": "32219",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32219"
          },
          {
            "name": "TA09-133A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "32255",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32255"
          },
          {
            "name": "ADV-2009-1297",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "20080831 rPSA-2008-0264-1 ruby",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
          },
          {
            "name": "32371",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32371"
          },
          {
            "name": "32165",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32165"
          },
          {
            "name": "GLSA-200812-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
          },
          {
            "name": "33178",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33178"
          },
          {
            "name": "ADV-2008-2334",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2334"
          },
          {
            "name": "32372",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32372"
          },
          {
            "name": "FEDORA-2008-8738",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
          },
          {
            "name": "32256",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32256"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31430",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31430"
        },
        {
          "name": "1020656",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020656"
        },
        {
          "name": "31697",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31697"
        },
        {
          "name": "USN-651-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/651-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3549"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
        },
        {
          "name": "DSA-1652",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1652"
        },
        {
          "name": "FEDORA-2008-8736",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11602",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
        },
        {
          "name": "35074",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35074"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
        },
        {
          "name": "DSA-1651",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2008/dsa-1651"
        },
        {
          "name": "ruby-safelevel-security-bypass(44369)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
        },
        {
          "name": "APPLE-SA-2009-05-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
        },
        {
          "name": "RHSA-2008:0895",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
        },
        {
          "name": "30644",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30644"
        },
        {
          "name": "RHSA-2008:0897",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
        },
        {
          "name": "32219",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32219"
        },
        {
          "name": "TA09-133A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
        },
        {
          "name": "32255",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32255"
        },
        {
          "name": "ADV-2009-1297",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1297"
        },
        {
          "name": "20080831 rPSA-2008-0264-1 ruby",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
        },
        {
          "name": "32371",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32371"
        },
        {
          "name": "32165",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32165"
        },
        {
          "name": "GLSA-200812-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
        },
        {
          "name": "33178",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33178"
        },
        {
          "name": "ADV-2008-2334",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2334"
        },
        {
          "name": "32372",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32372"
        },
        {
          "name": "FEDORA-2008-8738",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
        },
        {
          "name": "32256",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32256"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3655",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31430",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31430"
            },
            {
              "name": "1020656",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020656"
            },
            {
              "name": "31697",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31697"
            },
            {
              "name": "USN-651-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/651-1/"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
              "refsource": "CONFIRM",
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
            },
            {
              "name": "DSA-1652",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1652"
            },
            {
              "name": "FEDORA-2008-8736",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11602",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
            },
            {
              "name": "DSA-1651",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2008/dsa-1651"
            },
            {
              "name": "ruby-safelevel-security-bypass(44369)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "RHSA-2008:0895",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
            },
            {
              "name": "30644",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30644"
            },
            {
              "name": "RHSA-2008:0897",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
            },
            {
              "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
              "refsource": "CONFIRM",
              "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
            },
            {
              "name": "32219",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32219"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "32255",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32255"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "20080831 rPSA-2008-0264-1 ruby",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
            },
            {
              "name": "32371",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32371"
            },
            {
              "name": "32165",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32165"
            },
            {
              "name": "GLSA-200812-17",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
            },
            {
              "name": "33178",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33178"
            },
            {
              "name": "ADV-2008-2334",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2334"
            },
            {
              "name": "32372",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32372"
            },
            {
              "name": "FEDORA-2008-8738",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
            },
            {
              "name": "32256",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32256"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3655",
    "datePublished": "2008-08-13T01:00:00.000Z",
    "dateReserved": "2008-08-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:45:18.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-3655

Vulnerability from fkie_nvd - Published: 2008-08-13 01:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
cve@mitre.org	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
cve@mitre.org	http://secunia.com/advisories/31430	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31697	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32165	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32219	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32255	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32256	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32371	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/32372	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33178	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/35074	Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200812-17.xml
cve@mitre.org	http://support.apple.com/kb/HT3549
cve@mitre.org	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
cve@mitre.org	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264
cve@mitre.org	http://www.debian.org/security/2008/dsa-1651	Patch
cve@mitre.org	http://www.debian.org/security/2008/dsa-1652
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0895.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0897.html
cve@mitre.org	http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/495884/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/30644	Exploit, Patch
cve@mitre.org	http://www.securitytracker.com/id?1020656
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2334	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2009/1297	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/44369
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602
cve@mitre.org	https://usn.ubuntu.com/651-1/
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31430	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31697	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32165	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32219	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32255	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32256	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32371	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32372	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33178	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35074	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200812-17.xml
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3549
af854a3a-2127-422b-91ae-364da2661108	http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1651	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2008/dsa-1652
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0895.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0897.html
af854a3a-2127-422b-91ae-364da2661108	http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/495884/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30644	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020656
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2334	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1297	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/44369
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/651-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html

Impacted products

Vendor	Product	Version
ruby-lang	ruby	*
ruby-lang	ruby	1.6.8
ruby-lang	ruby	1.8.0
ruby-lang	ruby	1.8.1
ruby-lang	ruby	1.8.1
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.2
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.3
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.4
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.5
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.6
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.8.7
ruby-lang	ruby	1.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9721AB68-8002-4F85-98BC-0E6FDF7CDF6C",
              "versionEndIncluding": "1.8.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "46086C6A-9068-4959-BEE7-4D76BDEA3962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16BDFA5C-35BE-4B7E-BD2D-C28B095F62E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "31160797-6920-4BA1-B355-1CCD1FCDBFC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*",
              "matchCriteriaId": "BC306E85-66D8-4384-BBC3-92DC99C85FC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5675C37-39EF-41EF-9A53-3FCE4CF23820",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "39609530-0A81-481E-BDA4-5A98327EAD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "C19ADE91-4D9E-43ED-A605-E504B9090119",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "D89E3027-C2ED-4CC6-86F5-1B791576B6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F29ADA-E6DC-456F-9E63-C56C68EF7E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "57B1C113-682E-4F7D-BCF0-E30C446C4AC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "4BAF9471-B532-4194-AB3C-5AA28432FF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "51BE9728-A5FE-486A-8DB9-711E46243132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AC1B910-C0FA-4943-92B1-597842E84015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "A78ECCA9-6F07-4A63-8BF7-8D40F2439552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "14513719-4ED8-4EAB-B4D8-29849B868BA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "92E3814D-BEEA-4E46-9CED-9D8059727D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*",
              "matchCriteriaId": "CA7D3F32-EFB7-4628-9328-36C6A306B399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*",
              "matchCriteriaId": "D1A95E9F-AEC5-4AF9-B7D9-52DDDECB7E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*",
              "matchCriteriaId": "9328DE73-420B-4280-85A4-ABEFC4679676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*",
              "matchCriteriaId": "0F382FBD-6163-4A5B-AEB3-A15A843329F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*",
              "matchCriteriaId": "4399121F-9BC7-4A67-8B0B-ED3B94A16D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*",
              "matchCriteriaId": "BFE61EB9-2544-4E48-B313-63A99F4F5241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "6122187F-2371-429A-971B-419B4ACE8E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "8A42425D-FF21-4863-B43D-EE100DBE6BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "06512108-020D-4D71-8F60-6AA2052D7D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "E2E152A5-F625-4061-AD8C-4CFA085B674F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*",
              "matchCriteriaId": "756F5247-658C-412C-ACBF-CBE987DF748A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "876B2575-4F81-4A70-9A88-9BEE44649626",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*",
              "matchCriteriaId": "DF02372D-FD0B-453F-821E-1E0BA7900711",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*",
              "matchCriteriaId": "0A6ED369-E564-4D4F-9E23-A8125194EAD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*",
              "matchCriteriaId": "ACC0DB90-C072-4BCB-9082-94394F547D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*",
              "matchCriteriaId": "4D7ED62B-4D88-46A4-A0A3-BD37E66A5211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*",
              "matchCriteriaId": "072A0C3C-9F47-4DC7-96EA-7980B45429DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*",
              "matchCriteriaId": "FB0372E4-FE3E-49CD-AF55-E2E4518D34F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "04579340-B53F-47B5-99C9-B647AAA3D303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "9D7F4162-108A-470B-8E6B-C009E8C56AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "73AB0545-3D8D-4623-8381-D71DA44E3B5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D86FC99-3521-4E22-8FD3-65CEB05A6342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*",
              "matchCriteriaId": "84A291B0-EABD-4572-B8E2-2457DBAEDC92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*",
              "matchCriteriaId": "1FE05F3A-A8B5-45EE-BF52-D55E2768F890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*",
              "matchCriteriaId": "0C6D66E2-3E10-4DEA-9E6B-53A5DE78AFCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*",
              "matchCriteriaId": "4E37786B-5336-4182-A1E3-801BDB6F61EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*",
              "matchCriteriaId": "349D014E-223A-46A7-8334-543DB330C215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*",
              "matchCriteriaId": "550EC183-43A1-4A63-A23C-A48C1F078451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*",
              "matchCriteriaId": "0ACECF59-AA88-4B5C-A671-83842C9CF072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52179EC7-CAF0-42AA-A21A-7105E10CA122",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
    },
    {
      "lang": "es",
      "value": "Ruby versiones 1.8.5 y anteriores, versiones 1.8.6 hasta 1.8.6-p286, versiones 1.8.7 hasta 1.8.7-p71, y versiones 1.9 hasta r18423, no restringe apropiadamente el acceso a variables y m\u00e9todos cr\u00edticos en varios niveles seguros, lo que permite a los atacantes dependiendo del contexto omitir las restricciones de acceso previstas por medio de (1) untrace_var, (2) $PROGRAM_NAME, y (3) syslog en nivel seguro 4 y (4) m\u00e9todos no confiables en los niveles seguros 1 a 3."
    }
  ],
  "id": "CVE-2008-3655",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-08-13T01:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31697"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32255"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32256"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1651"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2008/dsa-1652"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30644"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020656"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/651-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32256"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2008/dsa-1651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2008/dsa-1652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30644"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/651-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2008-3655

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-3655

Aliases

CVE-2008-3655

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-3655",
    "description": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
    "id": "GSD-2008-3655",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-3655.html",
      "https://www.debian.org/security/2008/dsa-1651",
      "https://www.debian.org/security/2008/dsa-1652",
      "https://access.redhat.com/errata/RHSA-2008:0897",
      "https://access.redhat.com/errata/RHSA-2008:0896",
      "https://access.redhat.com/errata/RHSA-2008:0895",
      "https://linux.oracle.com/cve/CVE-2008-3655.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-3655"
      ],
      "details": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
      "id": "GSD-2008-3655",
      "modified": "2023-12-13T01:23:05.181187Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-3655",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "31430",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31430"
          },
          {
            "name": "1020656",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020656"
          },
          {
            "name": "31697",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31697"
          },
          {
            "name": "USN-651-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/651-1/"
          },
          {
            "name": "http://support.apple.com/kb/HT3549",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3549"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
            "refsource": "CONFIRM",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
          },
          {
            "name": "DSA-1652",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1652"
          },
          {
            "name": "FEDORA-2008-8736",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11602",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
          },
          {
            "name": "35074",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/35074"
          },
          {
            "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
            "refsource": "CONFIRM",
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
          },
          {
            "name": "DSA-1651",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2008/dsa-1651"
          },
          {
            "name": "ruby-safelevel-security-bypass(44369)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
          },
          {
            "name": "APPLE-SA-2009-05-12",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
          },
          {
            "name": "RHSA-2008:0895",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
          },
          {
            "name": "30644",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30644"
          },
          {
            "name": "RHSA-2008:0897",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
          },
          {
            "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
            "refsource": "CONFIRM",
            "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
          },
          {
            "name": "32219",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32219"
          },
          {
            "name": "TA09-133A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
          },
          {
            "name": "32255",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32255"
          },
          {
            "name": "ADV-2009-1297",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/1297"
          },
          {
            "name": "20080831 rPSA-2008-0264-1 ruby",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
          },
          {
            "name": "32371",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32371"
          },
          {
            "name": "32165",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32165"
          },
          {
            "name": "GLSA-200812-17",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
          },
          {
            "name": "33178",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33178"
          },
          {
            "name": "ADV-2008-2334",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2334"
          },
          {
            "name": "32372",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32372"
          },
          {
            "name": "FEDORA-2008-8738",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
          },
          {
            "name": "32256",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32256"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.1:-9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p35:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p110:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p114:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p71:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p36:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p111:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p11:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p113:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.8.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p115:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:p12:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p17:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:p22:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p286:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:p230:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3655"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
            },
            {
              "name": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/"
            },
            {
              "name": "1020656",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020656"
            },
            {
              "name": "31697",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31697"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
            },
            {
              "name": "30644",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/30644"
            },
            {
              "name": "DSA-1651",
              "refsource": "DEBIAN",
              "tags": [
                "Patch"
              ],
              "url": "http://www.debian.org/security/2008/dsa-1651"
            },
            {
              "name": "32255",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32255"
            },
            {
              "name": "32256",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32256"
            },
            {
              "name": "DSA-1652",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2008/dsa-1652"
            },
            {
              "name": "33178",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33178"
            },
            {
              "name": "GLSA-200812-17",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
            },
            {
              "name": "31430",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31430"
            },
            {
              "name": "32219",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32219"
            },
            {
              "name": "32165",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32165"
            },
            {
              "name": "FEDORA-2008-8738",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
            },
            {
              "name": "FEDORA-2008-8736",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
            },
            {
              "name": "RHSA-2008:0895",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
            },
            {
              "name": "RHSA-2008:0897",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
            },
            {
              "name": "32372",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32372"
            },
            {
              "name": "32371",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/32371"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
            },
            {
              "name": "APPLE-SA-2009-05-12",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3549",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3549"
            },
            {
              "name": "35074",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/35074"
            },
            {
              "name": "TA09-133A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
            },
            {
              "name": "ADV-2009-1297",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/1297"
            },
            {
              "name": "ADV-2008-2334",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/2334"
            },
            {
              "name": "ruby-safelevel-security-bypass(44369)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
            },
            {
              "name": "oval:org.mitre.oval:def:11602",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
            },
            {
              "name": "USN-651-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/651-1/"
            },
            {
              "name": "20080831 rPSA-2008-0264-1 ruby",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-11T20:48Z",
      "publishedDate": "2008-08-13T01:41Z"
    }
  }
}

CERTA-2009-AVI-186

Vulnerability from certfr_avis - Published: 2009-05-13 - Updated: 2009-05-13

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. L'exploitation de certaines d'entre elles peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le système d'exploitation Apple Mac OS X. Elles touchent divers composants et services installés comme CFNetworks (manipulation des échanges HTTP), CoreGraphics (manipulation de fichiers PDF), Help Viewer (manipulation de l'URI help:), QuickDraw Manager (manipulation d'images PICT), Safari (manipulation de l'URI feed:), OpenSSL, PHP, WebKit, X11, etc.

L'exploitation de certaines de ces vulnérabilités peut conduire à l'exécution de code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité 2009-002 de Apple pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Mac OS X Server version 10.4.11 ainsi que celles antérieures.
Apple	N/A	Mac OS X Server version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.5.6 ainsi que celles antérieures ;
Apple	N/A	Mac OS X version 10.4.11 ainsi que celles antérieures ;

References

Title

Publication Time

GHSA-P524-PPF2-W36W

Vulnerability from github – Published: 2022-05-02 00:02 – Updated: 2025-04-09 03:57

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-3655"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-08-13T01:41:00Z",
    "severity": "HIGH"
  },
  "details": "Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.",
  "id": "GHSA-p524-ppf2-w36w",
  "modified": "2025-04-09T03:57:31Z",
  "published": "2022-05-02T00:02:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44369"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/651-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31430"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31697"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32165"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32219"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32255"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32256"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32371"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32372"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33178"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35074"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200812-17.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3549"
    },
    {
      "type": "WEB",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-424.htm"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0264"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1651"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2008/dsa-1652"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0895.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0897.html"
    },
    {
      "type": "WEB",
      "url": "http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/495884/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30644"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020656"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2334"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1297"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-3655 (GCVE-0-2008-3655)

FKIE_CVE-2008-3655

GSD-2008-3655

CERTA-2009-AVI-186

Description

Solution

GHSA-P524-PPF2-W36W

Tags

Sightings

Nomenclature