oss-sec mailing list archives
Multiple CVE Request (ruby)
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 11 Aug 2008 21:37:49 +0200
Hello Steve, Ruby upstream has announced multiple vulnerabilities present in Ruby code (even with testcases). All of these issues responsibly reported at the following URL: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ Could you please allocate a CVE id for each of the following: * untrace_var is permitted at safe level 4. * $PROGRAM_NAME may be modified at safe level 4. * Insecure methods may be called at safe level 1-3. * Syslog operations are permitted at safe level 4. * DoS vulnerability in WEBrick * Lack of taintness check in dl * DNS spoofing vulnerability in resolv.rb -- already seems to have assigned CVE-2008-1447. All of these issues exploitable by a normal unprivileged user (slightly testcases / exploits modification is needed in some cases). For further reference about the features allowed at different $SAVE levels in Ruby, please have a look at: http://www.rubycentral.com/book/taint.html (part "Definition of the safe levels") Please do not hesitate to ask for any further information related with each of these issues and / or their test cases. Thank you in advance. Kind regards Jan iankko Lieskovsky RH Security Response Team
Current thread:
- Multiple CVE Request (ruby) Jan Lieskovsky (Aug 11)