Upstream information

CVE-2008-2663 at MITRE

Description

Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors, a different issue than CVE-2008-2662, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 10
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Complete
  Integrity Impact: Complete
  Availability Impact: Complete

SUSE Bugzilla entries: 383299 [RESOLVED / FIXED], 397346 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise SDK 10 SP2
  • ruby >= 1.8.4-17.19
  • ruby-devel >= 1.8.4-17.19
  • ruby-doc-html >= 1.8.4-17.19
  • ruby-doc-ri >= 1.8.4-17.19
  • ruby-examples >= 1.8.4-17.19
  • ruby-test-suite >= 1.8.4-17.19
  • ruby-tk >= 1.8.4-17.19
sled10-sp2.x86
sle10-sp2-sdk.s390x
sle10-sp1-sdk.ia64
sle10-sp1-sdk.x86-64
core9.x86-64
core9.s390
core9.ia64
sled10.x86-64
sle10-sp1-sdk.x86
sle10-sp1-sdk.s390x
sle10-sp1-sdk.ppc
sle-ha.s390x
sles9-nld.x86-64
sle10-sp2-sdk.ppc
sle-ha.x86
sles9-nlpos.x86
core9.x86
sles9-oes.x86
sle10-sp2-sdk.x86
sle10-sp2-sdk.ia64
core9.s390x
sle-ha.ppc
sled10-sp2.x86-64
sle-ha.ia64
sled10.x86
sle-ha.x86-64
sle10-sp2-sdk.x86-64
sles9-nld.x86
core9.ppc
ZYPP Patch Nr: 5484
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
Open Enterprise Server
  • ruby >= 1.8.1-42.24
ZYPP Patch Nr: 5484
openSUSE 11.0
  • ruby-debuginfo >= 1.8.6.p114-6.2
  • ruby-debugsource >= 1.8.6.p114-6.2
openSUSE 11.0
  • ruby >= 1.8.6.p114-6.2
  • ruby-devel >= 1.8.6.p114-6.2
  • ruby-doc-html >= 1.8.6.p114-6.2
  • ruby-doc-ri >= 1.8.6.p114-6.2
  • ruby-examples >= 1.8.6.p114-6.2
  • ruby-test-suite >= 1.8.6.p114-6.2
  • ruby-tk >= 1.8.6.p114-6.2