class Dawn::Kb::CVE_2011_0188


Calls superclass method Dawn::Kb::ComboCheck::new
# File lib/dawn/kb/cve_2011_0188.rb, line 47
                      def initialize
                        # Knowledge-base entry for CVE-2011-0188 (BigDecimal VpMemAlloc mis-allocation in
                        # Ruby 1.9.2-p136 and earlier). The advisory text is the NVD description; it is
                        # passed through unchanged as the entry's :message.
                        advisory_text = "The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an \"integer truncation issue.\""

                        # This is a ComboCheck: the actual detection logic lives in the two sub-checks
                        # handed over via :checks (CVE_2011_0188_a / CVE_2011_0188_b); see those classes
                        # for what each one inspects and how ComboCheck combines their verdicts.
                        entry = {
                          name: "CVE-2011-0188",
                          cvss: "AV:N/AC:M/Au:N/C:P/I:P/A:P", # CVSS v2 base vector
                          release_date: Date.new(2011, 3, 23),
                          cwe: "189",
                          owasp: "A9",
                          applies: %w[sinatra padrino rails],
                          kind: Dawn::KnowledgeBase::COMBO_CHECK,
                          message: advisory_text,
                          mitigation: "Please upgrade your ruby interpreter",
                          aux_links: ["https://bugzilla.redhat.com/show_bug.cgi?id=682332"],
                          checks: [CVE_2011_0188_a.new, CVE_2011_0188_b.new]
                        }

                        super(entry)
                      end