Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
668
VMScore

CVE-2009-5147

Published: 29/03/2017 Updated: 28/03/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Ruby-lang

Vulnerability Summary

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 prior to 2.1.8 opens libraries with tainted names.

Vulnerable Product Search on Vulmon Subscribe to Product

ruby-lang ruby 2.0.0

ruby-lang ruby 1.8.0

ruby-lang ruby 2.1.6

ruby-lang ruby 2.1.7

ruby-lang ruby 1.9.2

ruby-lang ruby 1.9.0

ruby-lang ruby 2.1.3

ruby-lang ruby 2.1.4

ruby-lang ruby 2.1.0

ruby-lang ruby 1.9.3

ruby-lang ruby 2.1.2

ruby-lang ruby 2.1.5

ruby-lang ruby 2.1.1

Vendor Advisories

Red Hat: Important: rh-ruby22-ruby security, bug fix, and enhancement update
Synopsis Important: rh-ruby22-ruby security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rh-ruby22-ruby is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...
Debian CVElist Bug Report Logs: CVE-2015-7551
Debian Bug report logs - #796344 CVE-2015-7551 Package: ruby21; Maintainer for ruby21 is Antonio Terceiro <terceiro@debianorg>; Source for ruby21 is src:ruby21 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 21 Aug 2015 12:36:01 UTC Severity: important Tags: security Found in ...
Ubuntu Security Notice: ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
Several security issues were fixed in Ruby ...

Github Repositories

https://github.com/vpereira/CVE-2009-5147

poc for CVE-2009-5147

CVE-2009-5147 and CVE-2015-7551 PoC to run it: make foo export FOO=/fooso ruby -v foorb with different versions of ruby you should get different results: vpereira@kimura:~/poc> rvm use 217 vpereira@kimura:~/poc> ruby -v foorb ruby 217p400 (2015-08-18 revision 51632) [x86_64-linux] some trash fom your environment vari

References

CWE-20https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215bhttps://bugzilla.redhat.com/show_bug.cgi?id=1248935http://seclists.org/oss-sec/2015/q3/222http://www.securityfocus.com/bid/76060https://access.redhat.com/errata/RHSA-2018:0583https://access.redhat.com/errata/RHSA-2018:0583https://nvd.nist.govhttps://usn.ubuntu.com/3365-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook