[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] MRI Rubies may contain statically linked, vulnerable OpenSSL

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] MRI Rubies may contain statically linked, vulnerable OpenSSL
From: glitch <glitch@xxxxxxxxxxxxxx>
Date: Fri, 11 Apr 2014 11:20:20 -0400

https://gist.github.com/chapmajs/10473815

Apparently some MRI build scripts copy only the OpenSSL version at time of 
build, so the provided test is not necessarily 100% accurate. PoC confirmed 
with RVM on OS X 10.9, Arch Linux, Slackware 14.1

-- glitch

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin)
Next by Date: Re: [FD] heartbleed OpenSSL bug CVE-2014-0160
Previous by thread: [FD] CSRF/XSS vulnerability in Twitget 3.3.1 (WordPress plugin)
Next by thread: [FD] Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
Index(es):
- Date
- Thread