CVE-2008-3655
CVE-2008-3655
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/32224unverifiedexploitdbwww.exploit-db.com/exploits/32223unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlhttp://secunia.com/advisories/31430http://secunia.com/advisories/31697http://secunia.com/advisories/32165http://secunia.com/advisories/32219http://secunia.com/advisories/32255http://secunia.com/advisories/32256http://secunia.com/advisories/32371http://secunia.com/advisories/32372http://secunia.com/advisories/33178http://secunia.com/advisories/35074