Ruby on Rails XML Processor YAML Deserialization

2013-02-15T00:00:00
ID SAINT:3D07B952F89BD863D8A787134DDF4EFE
Type saint
Reporter SAINT Corporation
Modified 2013-02-15T00:00:00

Description

Added: 02/15/2013
CVE: CVE-2013-0156
BID: 57187
OSVDB: 89026

Background

Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration.

Problem

Ruby on Rails versions prior to 2.3.15, 3.0.19, 3.1.10, and 3.2.11 contain a vulnerability in the way they handle casting string values when nesting XML entity references using YAML type conversion of Symbol type conversion.

Resolution

Update to the latest version of Ruby on Rails.

References

<http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/>
<http://www.kb.cert.org/vuls/id/380039>
<http://www.kb.cert.org/vuls/id/628463>

Limitations

This exploit has been tested against Ruby on Rails 3.0.18 on CentOS 6 (Exec-Shield Enabled).

Platforms

Linux