oss-sec mailing list archives

Re: CVE id requests: ruby


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 12 Aug 2008 20:35:48 -0400 (EDT)


Seems reasonable to include the DNS issue under CVE-2008-1447.

For the 0.2 people who might wonder why CVE-2008-3655 and CVE-2008-3657
were SPLIT, the first is a case of improperly specified "permissions"
(regardless of the type of "object" being accessed), whereas the latter
involves the failure to use a protection mechanism that happens to be
related to permissions.

- Steve


======================================================
Name: CVE-2008-3655
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through
1.8.7-p71, and 1.9 through r18423 does not properly restrict access to
critical variables and methods at various safe levels, which allows
context-dependent attackers to bypass intended access restrictions via
(1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and
(4) insecure methods at safe levels 1 through 3.


======================================================
Name: CVE-2008-3656
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Algorithmic complexity vulnerability in
WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and
earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9
through r18423 allows context-dependent attackers to cause a denial of
service (CPU consumption) via a crafted HTTP request that is processed
by a backtracking regular expression.


======================================================
Name: CVE-2008-3657
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286,
1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check
"taintness" of inputs, which allows context-dependent attackers to
bypass safe levels and execute dangerous functions by accessing a
library using DL.dlopen.


