Ruby "#to_s" Security Bypass Vulnerability

Bugtraq ID: 46458
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2011-1005
Remote: Yes
Local: Yes
Published: Feb 18 2011 12:00AM
Updated: Mar 19 2015 08:31AM
Credit: The vendor reported this issue.
Vulnerable: Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.7-p330
Yukihiro Matsumoto Ruby 1.8.7-p302
Yukihiro Matsumoto Ruby 1.8.7-p299
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p420
Yukihiro Matsumoto Ruby 1.8.6-p399
Yukihiro Matsumoto Ruby 1.8.6-p388
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server EUS 6.1.z
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux Long Life 5.6 server
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux EUS 5.6.z server
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Redhat Desktop Workstation 5
Pardus Linux 2009 0
Oracle Solaris 11.1
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Avaya Aura System Manager 6.3.1
Avaya Aura System Manager 6.3
Avaya Aura System Manager 6.2.3
Avaya Aura System Manager 6.2
Avaya Aura System Manager 6.1.5
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Apple Mac OS X Server 10.6.6
Apple Mac OS X Server 10.6.5
Apple Mac OS X Server 10.6.4
Apple Mac OS X Server 10.6.3
Apple Mac OS X Server 10.6.2
Apple Mac OS X Server 10.6.1
Apple Mac OS X Server 10.7.3
Apple Mac OS X Server 10.7.2
Apple Mac OS X Server 10.7.1
Apple Mac OS X Server 10.7
Apple Mac OS X Server 10.6.8
Apple Mac OS X Server 10.6.7
Apple Mac OS X Server 10.6
Apple Mac OS X 10.6.6
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.5
Apple Mac OS X 10.6.4
Apple Mac OS X 10.6.3
Apple Mac OS X 10.6.2
Apple Mac OS X 10.6.1
Apple Mac OS X 10.7.3
Apple Mac OS X 10.7.2
Apple Mac OS X 10.7.1
Apple Mac OS X 10.7
Apple Mac OS X 10.6.8
Apple Mac OS X 10.6.7
Apple Mac OS X 10.6
Not Vulnerable: Yukihiro Matsumoto Ruby 1.8.7-p334
Oracle Solaris 11.1.11.4.0
Avaya Aura System Manager 6.3.2
Apple Mac OS X Server 10.7.4
Apple Mac OS X 10.7.4


 

Privacy Statement
Copyright 2010, SecurityFocus