Name: CVE-2012-4481 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481 Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20120821 Category: Reference: MLIST:[oss-security] 20121005 Re: CVE Request -- ruby (1.8.x with patched CVE-2011-1005): Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects Reference: URL:http://www.openwall.com/lists/oss-security/2012/10/05/4 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=863484 Reference: REDHAT:RHSA-2013:0612 Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0612.html Reference: REDHAT:RHSA-2013:0129 Reference: URL:http://rhn.redhat.com/errata/RHSA-2013-0129.html The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. Reproducible: Steps to Reproduce:
NOTE: this is fixed in updates_testing/ruby-1.8.7.p358-1.3.mga2.src.rpm with: ruby-1.8.7-p358-CVE-2012-4466-CVE-2012-4481.patch
How I hate the mga rpm changelogs...
Status: NEW => RESOLVEDResolution: (none) => INVALID
Fixed in Bug 7769. *** This bug has been marked as a duplicate of bug 7769 ***
CC: (none) => luigiwalserResolution: INVALID => DUPLICATE