French Security Incident Response Team

Mandriva Security Update Fixes Ruby Security Bypass Vulnerabilities


Title : Mandriva Security Update Fixes Ruby Security Bypass Vulnerabilities
Advisory ID : FrSIRT/ADV-2008-0334
CVE ID : CVE-2007-5162 - CVE-2007-5770
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-01-31

Advisory Details

 
Technical Description

Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to bypass security restrictions [...]

Solution

Upgrade the affected packages :

Mandriva Linux 2007.0:
7d6503b580cadab905ac3ef4fde32495 2007.0/i586/ruby-1.8.5-2.3mdv2007.0.i586.rpm
03f626e55f2da3d50e4af6a625f2d981 2007.0/i586/ruby-devel-1.8.5-2.3mdv2007.0.i586.rpm
a286449f58ebbb35ef96b104e8148394 2007.0/i586/ruby-doc-1.8.5-2.3mdv2007.0.i586.rpm
8124af6a429b10089ef3671f36285f81 2007.0/i586/ruby-tk-1.8.5-2.3mdv2007.0.i586.rpm
c542b49863e6407a3563e4bcf9207fbc 2007.0/SRPMS/ruby-1.8.5-2.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
1488eb95c352a23961ad3729108aab31 2007.0/x86_64/ruby-1.8.5-2.3mdv2007.0.x86_64.rpm
729771da6e301b5c7b5754f95c85e478 2007.0/x86_64/ruby-devel-1.8.5-2.3mdv2007.0.x86_64.rpm
69827a0c924ffd3da5e084ea04e36fef 2007.0/x86_64/ruby-doc-1.8.5-2.3mdv2007.0.x86_64.rpm
cb12889526c54ed686c327c137f1320c 2007.0/x86_64/ruby-tk-1.8.5-2.3mdv2007.0.x86_64.rpm
c542b49863e6407a3563e4bcf9207fbc 2007.0/SRPMS/ruby-1.8.5-2.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
615468da1639248f8c60d7a8ef575d1b 2007.1/i586/ruby-1.8.5-5.1mdv2007.1.i586.rpm
cda9083dd1e1df7c4a49db1e0ec20008 2007.1/i586/ruby-devel-1.8.5-5.1mdv2007.1.i586.rpm
0268152c83d14133ac35cc7ee52cf60a 2007.1/i586/ruby-doc-1.8.5-5.1mdv2007.1.i586.rpm
c1c580dfddc099a2af9c61b33b9f0a2f 2007.1/i586/ruby-tk-1.8.5-5.1mdv2007.1.i586.rpm
3d221074342e5f457373ab1aff977a96 2007.1/SRPMS/ruby-1.8.5-5.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
89de1e6816cc708d5401200405be508f 2007.1/x86_64/ruby-1.8.5-5.1mdv2007.1.x86_64.rpm
4e0003bc558584d6f95716d8818388ce 2007.1/x86_64/ruby-devel-1.8.5-5.1mdv2007.1.x86_64.rpm
87a5495beeb8138292aab40ce099b07b 2007.1/x86_64/ruby-doc-1.8.5-5.1mdv2007.1.x86_64.rpm
128ce81eeb4168cb915696f76d15c448 2007.1/x86_64/ruby-tk-1.8.5-5.1mdv2007.1.x86_64.rpm
3d221074342e5f457373ab1aff977a96 2007.1/SRPMS/ruby-1.8.5-5.1mdv2007.1.src.rpm

Mandriva Linux 2008.0:
279f855dd2f179827968d9c9a6ee60ee 2008.0/i586/ruby-1.8.6-5.1mdv2008.0.i586.rpm
454911b3e84a0de35e9905eadeba6852 2008.0/i586/ruby-devel-1.8.6-5.1mdv2008.0.i586.rpm
0bdf3776e48c584eb05db2d96675957b 2008.0/i586/ruby-doc-1.8.6-5.1mdv2008.0.i586.rpm
7a857b992180398881e396cb802d0274 2008.0/i586/ruby-tk-1.8.6-5.1mdv2008.0.i586.rpm
c5f286aee44c6d309fd12248d68856dc 2008.0/SRPMS/ruby-1.8.6-5.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
05e24b17c69c26e10cf48c4f83c095f9 2008.0/x86_64/ruby-1.8.6-5.1mdv2008.0.x86_64.rpm
c7bb81a0ef557c621016a8c5468d9022 2008.0/x86_64/ruby-devel-1.8.6-5.1mdv2008.0.x86_64.rpm
e550ae1cb99aa67711acb5d6c6af64ac 2008.0/x86_64/ruby-doc-1.8.6-5.1mdv2008.0.x86_64.rpm
a8981603df024791c9e1d273717ce5f9 2008.0/x86_64/ruby-tk-1.8.6-5.1mdv2008.0.x86_64.rpm
c5f286aee44c6d309fd12248d68856dc 2008.0/SRPMS/ruby-1.8.6-5.1mdv2008.0.src.rpm

Corporate 3.0:
bd239b9b3ed6a8fd456f42a399bc79f8 corporate/3.0/i586/ruby-1.8.1-1.9.C30mdk.i586.rpm
585ed391895ecc23a09ea55ed7bc0a8c corporate/3.0/i586/ruby-devel-1.8.1-1.9.C30mdk.i586.rpm
c5d6ef08a414db182d937426c6aeecd3 corporate/3.0/i586/ruby-doc-1.8.1-1.9.C30mdk.i586.rpm
c87e858fede1106544bb925d594f1964 corporate/3.0/i586/ruby-tk-1.8.1-1.9.C30mdk.i586.rpm
b53c77b5e98f20209db9b932b8a4734d corporate/3.0/SRPMS/ruby-1.8.1-1.9.C30mdk.src.rpm

Corporate 3.0/X86_64:
6487b1d817b08f91074961f6c42a136a corporate/3.0/x86_64/ruby-1.8.1-1.9.C30mdk.x86_64.rpm
0277376e6ef0897fd024b5e9ec9a8a06 corporate/3.0/x86_64/ruby-devel-1.8.1-1.9.C30mdk.x86_64.rpm
6ee5839e1af2c82da8ef604f83601e21 corporate/3.0/x86_64/ruby-doc-1.8.1-1.9.C30mdk.x86_64.rpm
89ecdfcd225bc24a1437e0f09e513ba9 corporate/3.0/x86_64/ruby-tk-1.8.1-1.9.C30mdk.x86_64.rpm
b53c77b5e98f20209db9b932b8a4734d corporate/3.0/SRPMS/ruby-1.8.1-1.9.C30mdk.src.rpm

Corporate 4.0:
311e14d160453952e4cc0e91599185d3 corporate/4.0/i586/ruby-1.8.2-7.6.20060mlcs4.i586.rpm
3857b0d6eff2a26f606aa2701819a470 corporate/4.0/i586/ruby-devel-1.8.2-7.6.20060mlcs4.i586.rpm
9f845778ef2cfc4089a787f8f971fba6 corporate/4.0/i586/ruby-doc-1.8.2-7.6.20060mlcs4.i586.rpm
f4712a52ee18d33bd17f19c5ee5b83ae corporate/4.0/i586/ruby-tk-1.8.2-7.6.20060mlcs4.i586.rpm
b0fbb9a741865d6a378336797b72a971 corporate/4.0/SRPMS/ruby-1.8.2-7.6.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6ecf49a09a4ab595cd6ff04912a5370a corporate/4.0/x86_64/ruby-1.8.2-7.6.20060mlcs4.x86_64.rpm
821ad33b361e6c5918f530b6778b3cbe corporate/4.0/x86_64/ruby-devel-1.8.2-7.6.20060mlcs4.x86_64.rpm
1b2bbb2e933e7a2d16d997de3989e8dd corporate/4.0/x86_64/ruby-doc-1.8.2-7.6.20060mlcs4.x86_64.rpm
e2837b0b88730df0bc25474bcd47e7df corporate/4.0/x86_64/ruby-tk-1.8.2-7.6.20060mlcs4.x86_64.rpm
b0fbb9a741865d6a378336797b72a971 corporate/4.0/SRPMS/ruby-1.8.2-7.6.20060mlcs4.src.rpm

ChangeLog

2008-01-31 : Initial release
