Ruby WEBrick Terminal Escape Sequence in Logs Command Injection Vulnerability

Bugtraq ID: 37710
Class: Input Validation Error
CVE: CVE-2009-4492
Remote: Yes
Local: No
Published: Jan 11 2010 12:00AM
Updated: Apr 16 2015 06:13PM
Credit: Giovanni 'evilaliv3' Pellerano, Alessandro 'jekil' Tanasi, and Francesco 'ascii' Ongaro
Vulnerable: Yukihiro Matsumoto Ruby 1.9.1 -p376
Yukihiro Matsumoto Ruby 1.9.1
Yukihiro Matsumoto Ruby 1.9 -2
Yukihiro Matsumoto Ruby 1.9 -1
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5 -p231
Yukihiro Matsumoto Ruby 1.8.5 -p230
Yukihiro Matsumoto Ruby 1.8.5 -p2
Yukihiro Matsumoto Ruby 1.8.5 -p115
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
+ Red Hat Fedora Core4
+ Red Hat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
+ Red Hat Fedora Core3
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.9.0-3
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Yukihiro Matsumoto Ruby 0
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu Ubuntu Linux 9.04 lpia
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4.8.z
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Enterprise Linux Long Life 5.6 server
Red Hat Enterprise Linux EUS 5.6.z server
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4.8.z
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux 5 Server
Red Hat Desktop Workstation 5
Pardus Linux 2009 0
Mandriva Linux Mandrake 2010.0 x86_64
Mandriva Linux Mandrake 2010.0
Mandriva Linux Mandrake 2009.1 x86_64
Mandriva Linux Mandrake 2009.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Avaya Aura System Manager 6.2
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Not Vulnerable: Yukihiro Matsumoto Ruby 1.9.1-p378
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.6-p388


 

Copyright 2010, SecurityFocus