Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1471

PostPosted: Tue Dec 16, 2008 9:26 pm    Post subject: [ GLSA 200812-17 ] Ruby: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: Ruby: Multiple vulnerabilities (GLSA 200812-17)
Severity: normal
Exploitable: remote
Date: December 16, 2008
Bug(s): #225465, #236060
ID: 200812-17

Synopsis

Multiple vulnerabilities have been discovered in Ruby that allow for attacks including arbitrary code execution and Denial of Service.

Background

Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server ("WEBRick") and a class for XML parsing ("REXML").

Affected Packages

Package: dev-lang/ruby
Vulnerable: < 1.8.6_p287-r1
Unaffected: >= 1.8.6_p287-r1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws:
  • Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662).
  • Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663).
  • Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664).
  • Memory corruption ("REALLOC_N") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725).
  • Memory corruption ("beg + rlen") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).
Furthermore, several other vulnerabilities have been reported:
  • Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447).
  • Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376).
  • Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655).
  • Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656).
  • A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by "sheepman" (CVE-2008-3657).
  • Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905).
  • Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790).


Impact

These vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion.

Workaround

There is no known workaround at this time.

Resolution

All Ruby users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"


References

CVE-2008-1447
CVE-2008-2376
CVE-2008-2662
CVE-2008-2663
CVE-2008-2664
CVE-2008-2725
CVE-2008-2726
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum