Bugtraq: Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

From: H D Moore <sflist () digitaloffense net>
Date: Thu, 6 Mar 2008 11:28:00 -0600

Hi Alexandr!

I added a "monkey-patch" for this in the Metasploit source tree -- even if 
you use Metasploit 3.1 with an unpatched version of Ruby, the patched 
handler code is loaded into memory on top of the existing module. Since 
the msfweb service will bind to 127.0.0.1 by default, this is not a major 
risk, but it seemed prudent to patch it anyways. 

The patch was pushed to the Metasploit SVN trees, which are used by the 
Online Update functionality in the Windows version. Mac OS X users will 
need to change into the Metasploit directory and 'svn update'.

Thanks!

-HD


On Thursday 06 March 2008, Alexandr Polyakov wrote:

Digital Security Research Group [DSecRG] Advisory       #DSECRG-08-018

Application:                    Ruby 1.8.6 (WEBrick Web server Toolkit
and applications that used  WEBrick, like Metasploit 3.1) Versions

By Date By Thread

Current thread:

[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability Alexandr Polyakov (Mar 06)
- Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability H D Moore (Mar 06)