Vulnerability Details : CVE-2007-6183
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-6183
- cpe:2.3:a:ruby_gnome2:ruby_gnome2:0.16.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6183
0.90%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6183
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2007-6183
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-6183
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html
[SECURITY] Fedora 8 Update: ruby-gnome2-0.16.0-18.fc8
-
http://www.debian.org/security/2007/dsa-1431
Debian -- Security Information -- DSA-1431-1 ruby-gnome2
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/38757
Ruby-GNOME2 mdiag_initialize format string CVE-2007-6183 Vulnerability Report
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689
#453689 - ruby-gnome2: CVE-2007-6183 format string vulnerability - Debian Bug report logs
-
http://www.securityfocus.com/archive/1/484240/100/0/threaded
-
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html
[SECURITY] Fedora 7 Update: ruby-gnome2-0.16.0-18.fc7
-
http://www.securityfocus.com/bid/26616
-
http://security.gentoo.org/glsa/glsa-200712-09.xml
Ruby-GNOME2: Format string error (GLSA 200712-09) — Gentoo security
-
http://securityreason.com/securityalert/3407
Ruby/Gnome2 0.16.0 Format String Vulnerability - CXSecurity.com
-
http://www.vupen.com/english/advisories/2007/4022
Site en construction
-
https://bugzilla.redhat.com/show_bug.cgi?id=402871
402871 – (CVE-2007-6183) CVE-2007-6183 ruby-gnome2: format string vulnerability
-
http://bugs.gentoo.org/show_bug.cgi?id=200623
200623 – (CVE-2007-6183) dev-ruby/ruby-gtk2 <0.16.0-r2 "Gtk::MessageDialog.new()" Format String Vulnerability (CVE-2007-6183)
-
http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log
Ruby-GNOME 2 download | SourceForge.netExploit
-
http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html
EM_386: Your favorite "better than C" scripting language is probably implemented in C
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:033
Mandriva
Jump to