Message-ID: <48A0D5ED.1060700@pardus.org.tr>
Date: Tue, 12 Aug 2008 03:14:37 +0300
From: Pınar Yanardağ <pinar@...dus.org.tr>
To: pardus-security@...dus.org.tr
Cc: full-disclosure@...ts.grok.org.uk
Subject: [PLSA 2008-21] Ruby: Multiple Vulnerabilities

------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-21            security@...dus.org.tr
------------------------------------------------------------------------
       Date: 2008-08-12
   Severity: 3
       Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been discovered in Ruby: several
vulnerabilities in safe level, a DoS vulnerability in WEBrick, a lack of
taintness check in dl, and a DNS spoofing vulnerability in resolv.rb.


Description
===========

== Several vulnerabilities in safe level ==

Multiple errors in the implementation of safe level restrictions can be
exploited to call "untrace_var()", perform syslog operations, and modify
"$PROGRAM_NAME" at safe level 4, or call insecure methods at safe levels
1 through 3.

(These vulnerabilities were reported by Keita Yamaguchi.)


== DoS vulnerability in WEBrick ==

An error exists in the usage of regular expressions in
"WEBrick::HTTPUtils.split_header_value()". This can be exploited to
consume large amounts of CPU via a specially crafted HTTP request.

(This vulnerability was reported by Christian Neukirchen.)


== Lack of taintness check in dl ==

An error in "DL" can be exploited to bypass security restrictions and
call potentially dangerous functions.

(This vulnerability was reported by sheepman.)


== DNS spoofing vulnerability in resolv.rb ==

The vulnerability is caused by resolv.rb not sufficiently randomising
the DNS query port number, which can be exploited to poison the DNS
cache.

(This vulnerability was reported by Tanaka Akira.)
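
The mitigation for this class of weakness, as an added Ruby example (not
code from the advisory or from resolv.rb): the source port and the query ID
are both drawn from a CSPRNG, and a reply is accepted only if peer address,
peer port and ID all match. The helper names and "example.test" are
hypothetical, and the loopback exchange is constructed.

```ruby
require "socket"
require "securerandom"

# Minimal DNS A-record query (RFC 1035): 12-byte header, QNAME, QTYPE, QCLASS.
def build_query(id, name)
  header = [id, 0x0100, 1, 0, 0, 0].pack("n6") # RD flag set, one question
  qname = name.split(".").map { |l| [l.bytesize, l].pack("Ca*") }.join + "\0"
  header + qname + [1, 1].pack("n2") # QTYPE=A, QCLASS=IN
end

# Bind to a source port drawn from a CSPRNG and draw the 16-bit ID the same way.
def open_query_socket(bind_ip = "127.0.0.1")
  sock = UDPSocket.new
  begin
    port = 1024 + SecureRandom.random_number(65_536 - 1024)
    sock.bind(bind_ip, port)
  rescue Errno::EADDRINUSE
    retry # port already taken: draw another one
  end
  [sock, port, SecureRandom.random_number(0x10000)]
end

# Accept a datagram only if peer address, peer port and transaction ID all match.
def reply_acceptable?(data, peer, server_ip, server_port, id)
  return false if data.nil? || data.bytesize < 12
  peer[3] == server_ip && peer[1] == server_port && data.unpack1("n") == id
end

# Constructed loopback exchange: a stand-in server echoes the query twice, first with a wrong ID.
def demo_exchange
  server = UDPSocket.new
  server.bind("127.0.0.1", 0)
  server_port = server.addr[1]
  sock, port, id = open_query_socket
  sock.send(build_query(id, "example.test"), 0, "127.0.0.1", server_port)
  query, from = server.recvfrom(512)
  wrong_id = [(id + 1) & 0xffff].pack("n") + query[2..-1]
  [wrong_id, query].each { |msg| server.send(msg, 0, from[3], from[1]) }
  verdicts = 2.times.map do
    data, peer = sock.recvfrom(512)
    reply_acceptable?(data, peer, "127.0.0.1", server_port, id)
  end
  { port: port, verdicts: verdicts }
ensure
  server&.close
  sock&.close
end

p demo_exchange if __FILE__ == $PROGRAM_NAME
```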


Affected packages:

   Pardus 2008:
     ruby, all before 1.8.7_p72-16-4
     ruby-mode, all before 1.8.7_p72-16-4

   Pardus 2007:
     ruby, all before 1.8.7_p72-16-13
     ruby-mode, all before 1.8.7_p72-16-4



Resolution
==========

Updates are available for ruby and ruby-mode. You can install them via
Package Manager or with a single command from the console:

   Pardus 2008:
     pisi up ruby ruby-mode

   Pardus 2007:
     pisi up ruby ruby-mode


References
==========

   * http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby
   * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
   * http://secunia.com/advisories/31430/

------------------------------------------------------------------------

-- 
Pınar Yanardağ
http://pinguar.org

