Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Ruby safe level bypasses
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 03 Oct 2012 13:48:14 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2012 04:32 PM, Tyler Hicks wrote:
Hello - Upstream Ruby has fixed[1] exception methods that
incorrectly allowed safe level bypasses. These bypasses allowed
untainted strings to be modified by untrusted code in safe level
4.

Note that the changes to exc_to_s() and name_err_to_s(), in
error.c, are similar to the fix for CVE-2011-1005, but the Ruby
advisory[2] made it clear that Ruby 1.9.x was not affected by
CVE-2011-1005. It turns out that the vulnerability was later
reintroduced to Ruby's trunk in revision 29456. Ruby 1.9.3-p0 and
later is affected.

While Shugo Maeda was fixing the issue above, he noticed that 
name_err_mesg_to_str() had a similar flaw. Ruby 1.8.x, along with 
1.9.3-p0 and later is affected.

I believe that these issues need two separate CVEs. Both issues
are fixed in the same upstream patch[1]. Could you please allocate
ids?

Thanks, Tyler

[1]
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068


[2]
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/


Please use CVE-2012-4464 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQbJZ+AAoJEBYNRVNeJnmTKVwP/AwS0w4x1fIIUZ4oakCOL04s
PDhRjSxppmJK3v4hXsTgXlIrb3Le0cOw0equzs07f87OBRC2Tm05Xai2Xx3a9iFZ
Sa/fdR9+LSSpg8NCULvXArZYW/mOLNLFXJ7XJSK3cttOdAKb99vKnaX/nuLigFMu
hnmr9+qES/rwkUiRQeik6OPNldYiQX3HxZ+ORoyCnDOx0hhX7YoV7fbGl8q2vEaQ
VER+epOX2eIiYjSuyCSbUhRYt4httanoDqGUPZYnpITNs2MIrEOsrxizePnZ2RZd
LjM7NilP+tGcOT9ilc6AxO/jvPGcAHARcg+s3EchTsO98ui9cn2GejyYvRHZE7Kz
cQd46bQs2xigL69s/s6wA/PSTFFYrfxc0hh3pOlO3Bw44Aajz0/sKCNDeJao9+dx
iD2vC3Umezv98Zrdw7wRx4kfp1Fu9Rrjl5cDMTBrsfEV26wVAlQGmaO8FljAhdAQ
nFcY9rxoETeSOdhXkl9gi/J31NJ4B5F64cTUI1vNnO+X0ujxFtnftUgUykCq19Ne
aTCwrrch4BUsAcwoEtBzpHMrhsnF4oeHGV0Pz2Q7yGe+bc1if4KV0GoT2jUSn8ye
AbGNSwNKDSYZHRNChjbu1+Pjr3mgs9ftg2dZUdLDUqlLKhbSUlcwXvPBPYn8OWdU
b/Wmxe0vimxCE5mD50gP
=JCMw
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault