FreeBSD : ruby -- BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)

NASLDB: FreeBSD : ruby -- BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)

General

ID: 39375
Name: FreeBSD : ruby — BigDecimal denial of service vulnerability (62e0fbe5-5798-11de-bb78-001cc0377035)

Summary: Checks for updated packages in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

The official ruby site reports :

A denial of service (DoS) vulnerability was found on the BigDecimal
standard library of Ruby. Conversion from BigDecimal objects into
Float numbers had a problem which enables attackers to effectively
cause segmentation faults.

An attacker can cause a denial of service by causing BigDecimal to
parse an insanely large number, such as :

BigDecimal(‘9E69999999’).to_s(‘F’)

Exploiting

Exploit Available: False
Exploitability Ease: No known exploits are available

Sources

CVE: CVE-2009-1904
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2009/06/09
Patch Release: 2009/06/13
Plugin Release: 2009/06/15

Plugin

Version: 1.11
Filename: freebsd_pkg_62e0fbe5579811debb78001cc0377035.nasl
Filesize: 5076 bytes
MD5 Hash: d5f7388d0fda6936cf9d56170ad57638

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"