[ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability
Bug #175827 reported by
disabled.user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ruby-gnome2 (Debian) |
Fix Released
|
Unknown
|
|||
ruby-gnome2 (Fedora) |
Fix Released
|
Medium
|
|||
ruby-gnome2 (Gentoo Linux) |
Fix Released
|
Medium
|
|||
ruby-gnome2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: ruby-gnome2
References:
DSA-1431-1 (http://
Quoting DSA-1431-1:
"It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitary code if untrusted input is displayed within a dialog."
Quoting CVE-2007-6183:
"Format string vulnerability in the mdiag_initialize function in gtk/src/
CVE References
Changed in ruby-gnome2: | |
status: | Unknown → Fix Released |
Changed in ruby-gnome2: | |
status: | Unknown → Fix Released |
Changed in ruby-gnome2: | |
status: | Unknown → Fix Released |
Changed in ruby-gnome2 (Ubuntu Gutsy): | |
assignee: | William Grant (wgrant) → nobody |
Changed in ruby-gnome2 (Ubuntu Feisty): | |
assignee: | William Grant (wgrant) → nobody |
Changed in ruby-gnome2 (Ubuntu Edgy): | |
assignee: | William Grant (wgrant) → nobody |
Changed in ruby-gnome2 (Ubuntu Dapper): | |
assignee: | William Grant (wgrant) → nobody |
Changed in ruby-gnome2 (Gentoo Linux): | |
importance: | Unknown → Medium |
Changed in ruby-gnome2 (Fedora): | |
importance: | Unknown → Medium |
To post a comment you must log in.
Secunia advisory:
Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially
be exploited by malicious people to compromise an application using the library.
The vulnerability is caused due to a format string error within the alog.new( )" method in gtk/src/ rbgtkmessagedia log.c and can
"Gtk::MessageDi
potentially be exploited to execute arbitrary code when a specially crafted
string is passed to the affected function.
NOTE: Exploitation and impact of this vulnerability depend on how an application
uses the affected function of the vulnerable library.
The vulnerability is reported in version 0.16.0. Other versions may also be
affected.
References: em386.blogspot. com/2007/ 11/your- favorite- better- than-c- scripting. html secunia. com/advisories/ 27825/
http://
http://
Upstream SVN commit: ruby-gnome2. svn.sourceforge .net/viewvc/ ruby-gnome2? view=rev& revision= 2720
http://