full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] [PLSA 2008-21] Ruby: Multi

[Full-disclosure] [PLSA 2008-21] Ruby: Multiple Vulnerabilities

From: Pınar Yanardağ <pinar_at_nospam>
Date: Tue Aug 12 2008 - 00:14:37 GMT
To: pardus-security@pardus.org.tr



Pardus Linux Security Advisory 2008-21 security@pardus.org.tr
Date: 2008-08-12 Severity: 3 Type: Remote ------------------------------------------------------------------------

Summary


Multiple vulnerabilities have been discovered in Ruby: several vulnerabilities in safe level, DoS vulnerability in WEBrick, Lack of taintness check in dl and DNS spoofing vulnerability in resolv.rb.

Description


  • Several vulnerabilities in safe level ==

Multiple errors in the implementation of safe level restrictions can be exploited to call "untrace_var()", perform syslog operations, and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels 1 through 3.

(These vulnerabilities were reported by Keita Yamaguchi.)

  • DoS vulnerability in WEBrick ==

An error exists in the usage of regular expressions in "WEBrick::HTTPUtils.split_header_value()". This can be exploited to consume large amounts of CPU via a specially crafted HTTP request.

(This vulnerability was reported by Christian Neukirchen.)

  • Lack of taintness check in dl ==

An error in "DL" can be exploited to bypass security restrictions and call potentially dangerous functions.

(This vulnerability was reported by sheepman.)

  • DNS spoofing vulnerability in resolv.rb ==

The vulnerability is caused due to resolv.rb not sufficiently randomising the DNS query port number, which can be exploited to poison the DNS cache.

(This vulnerability was reported by Tanaka Akira.)

Affected packages:

   Pardus 2008: ruby, all before 1.8.7_p72-16-4 ruby-mode, all before 1.8.7_p72-16-4 Pardus 2007: ruby, all before 1.8.7_p72-16-13 ruby-mode, all before 1.8.7_p72-16-4

Resolution


There are update(s) for ruby, ruby-mode. You can update them via Package Manager or with a single command from console:

   Pardus 2008:
     pisi up ruby ruby-mode

   Pardus 2007:
     pisi up ruby ruby-mode

References


-- Pınar Yanardağ http://pinguar.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/