oss-sec mailing list archives
Re: CVE id requests: ruby
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 12 Aug 2008 20:35:48 -0400 (EDT)
Seems reasonable to include the DNS issue under CVE-2008-1447.

For the 0.2 people who might wonder why CVE-2008-3655 and CVE-2008-3657 were SPLIT, the first is a case of improperly specified "permissions" (regardless of the type of "object" being accessed), whereas the latter involves the failure to use a protection mechanism that happens to be related to permissions.

- Steve

======================================================
Name: CVE-2008-3655
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

======================================================
Name: CVE-2008-3656
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

Algorithmic complexity vulnerability in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

======================================================
Name: CVE-2008-3657
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494401
Reference: CONFIRM:http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.