Lucene search

K
gentooGentoo FoundationGLSA-200812-17
HistoryDec 16, 2008 - 12:00 a.m.

Ruby: Multiple vulnerabilities

2008-12-1600:00:00
Gentoo Foundation
security.gentoo.org
14

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.311 Low

EPSS

Percentile

96.9%

Background

Ruby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (“WEBRick”) and a class for XML parsing (“REXML”).

Description

Multiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws:

  • Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662).
  • Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663).
  • Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664).
  • Memory corruption (“REALLOC_N”) in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725).
  • Memory corruption (“beg + rlen”) in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).

Furthermore, several other vulnerabilities have been reported:

  • Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447).
  • Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376).
  • Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655).
  • Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656).
  • A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by “sheepman” (CVE-2008-3657).
  • Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905).
  • Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790).

Impact

These vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby’s built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion.

Workaround

There is no known workaround at this time.

Resolution

All Ruby users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.6_p287-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-lang/ruby< 1.8.6_p287-r1UNKNOWN

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.311 Low

EPSS

Percentile

96.9%