[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [PLSA 2008-21] Ruby: Multiple Vulnerabilities

To: pardus-security@xxxxxxxxxxxxx
Subject: [Full-disclosure] [PLSA 2008-21] Ruby: Multiple Vulnerabilities
From: Pınar Yanardağ <pinar@xxxxxxxxxxxxx>
Date: Tue, 12 Aug 2008 03:14:37 +0300

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-21            security@xxxxxxxxxxxxx
------------------------------------------------------------------------
       Date: 2008-08-12
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple  vulnerabilities have  been  discovered  in   Ruby:   several
vulnerabilities in safe level, DoS vulnerability in  WEBrick,  Lack  of
taintness check in dl and DNS spoofing vulnerability in resolv.rb.


Description
===========

== Several vulnerabilities in safe level ==

Multiple errors in the implementation of safe level restrictions can be
exploited to call "untrace_var()", perform syslog operations, and modify
"$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels
1 through 3.

(These vulnerabilities were reported by Keita Yamaguchi.)


== DoS vulnerability in WEBrick ==

An   error exists   in   the   usage   of   regular   expressions   in
"WEBrick::HTTPUtils.split_header_value()".  This can  be  exploited  to
consume large amounts of CPU via a specially crafted HTTP request.

(This vulnerability was reported by Christian Neukirchen.)


== Lack of taintness check in dl ==

An error in "DL" can be exploited to bypass security  restrictions  and
call potentially dangerous functions.

(This vulnerability was reported by sheepman.)


== DNS spoofing vulnerability in resolv.rb ==

The  vulnerability is  caused  due  to  resolv.rb   not   sufficiently
randomising the DNS query port number, which can be exploited to poison
the DNS cache.

(This vulnerability was reported by Tanaka Akira.)


Affected packages:

   Pardus 2008:
     ruby, all before 1.8.7_p72-16-4
     ruby-mode, all before 1.8.7_p72-16-4

   Pardus 2007:
     ruby, all before 1.8.7_p72-16-13
     ruby-mode, all before 1.8.7_p72-16-4



Resolution
==========

There are update(s) for ruby, ruby-mode. You can update them via Package
Manager or with a single command from console:

   Pardus 2008:
     pisi up ruby ruby-mode

   Pardus 2007:
     pisi up ruby ruby-mode


References
==========

   * 
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
   * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
   * http://secunia.com/advisories/31430/

------------------------------------------------------------------------

-- 
Pınar Yanardağ
http://pinguar.org


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Surf Jack - HTTPS will not save you
Next by Date: [Full-disclosure] [PLSA 2008-22] Php: Multiple Overflows
Previous by thread: [Full-disclosure] rPSA-2008-0247-1 gvim vim vim-minimal
Next by thread: [Full-disclosure] [PLSA 2008-22] Php: Multiple Overflows
Index(es):
- Date
- Thread