The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

Ruby Buzz Forum
Ruby 1.8 XMLRPC Server Arbitrary Command Execution

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Red Handed

Posts: 1158
Nickname: redhanded
Registered: Dec, 2004

Red Handed is a Ruby-focused group blog.
Ruby 1.8 XMLRPC Server Arbitrary Command Execution Posted: Jul 11, 2005 7:39 PM
Reply to this message Reply

This post originated from an RSS feed registered with Ruby Buzz by Red Handed.
Original Post: Ruby 1.8 XMLRPC Server Arbitrary Command Execution
Feed Title: RedHanded
Feed URL: http://redhanded.hobix.com/index.xml
Feed Description: sneaking Ruby through the system 		Latest Ruby Buzz Posts
Latest Ruby Buzz Posts by Red Handed
Latest Posts From RedHanded

Advertisement

A vulnerability was found. It could allow arbitrary command execution on a server running the ruby xmlrpc server.

The fixed versions of ruby1.8 package in Debian are 1.8.2-7sarge1 in stable and 1.8.2-8 in unstable. According to the Package Tracking System the testing version is still 1.8.2-7 with the vulnerability because ncurses that ruby1.8 depends on has a release-critical bug. 1.8.2-9 in unstable has not yet entered into testing. Please be careful, testing users.

Read: Ruby 1.8 XMLRPC Server Arbitrary Command Execution

Topic: An old quote Previous Topic   Next Topic Topic: Stuffing Your Hand Down the Disposal
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use