« Execute Commands in PHP | Main | SMTP May Mot Be Necessary »
June 25, 2005
Known Vulnerabilities in Ruby-1.8.2_3
Portaudit reported a known vulnerability in ruby-1.8.2_3 package(lang/ruby18), but the ports hasn't released a fixed version yet.
Affected package: ruby-1.8.2_3
Type of problem: ruby -- arbitrary command execution on XMLRPC server.
Information for ruby-1.8.2_3:
Comment:
An object-oriented interpreted scripting language
Required by:
ruby18-bdb1-0.2.2
portupgrade-20041226_4
Description:
Ruby is the interpreted scripting language for quick and
easy object-oriented programming. It has many features to
process text files and to do system management tasks (as in
Perl). It is simple, straight-forward, and extensible.
Features of Ruby are shown below.
+ Simple Syntax
+ *Normal* Object-Oriented features(ex. class, method calls)
+ *Advanced* Object-Oriented features(ex. Mix-in, Singleton-method)
+ Operator Overloading
+ Exception Handling
+ Iterators and Closures
+ Garbage Collection
+ Dynamic Loading of Object files(on some architecture)
+ Highly Portable(works on many UNIX machines, and on DOS,
Windows, Mac, BeOS etc.)
Author: Matsumoto "matz" Yukihiro
WWW: http://www.ruby-lang.org/en/
Category : Security
Posted by FreeBSD Newbie at June 25, 2005 11:54 PM