FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- DNS spoofing vulnerability

Affected packages
1.8.*,1 <= ruby < 1.8.6.111_5,1
1.9.*,1 <= ruby < 1.9.1.0,1
1.8.*,1 <= ruby+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+oniguruma < 1.9.1.0,1
1.8.*,1 <= ruby+pthreads < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads < 1.9.1.0,1
1.8.*,1 <= ruby+pthreads+oniguruma < 1.8.6.111_5,1
1.9.*,1 <= ruby+pthreads+oniguruma < 1.9.1.0,1

Details

VuXML ID 959d384d-6b59-11dd-9d79-001fc61c2a55
Discovery 2008-08-08
Entry 2008-08-16
Modified 2009-02-09

The official ruby site reports:

resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports.

References

CVE Name CVE-2008-1447
URL http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/