oss-sec mailing list archives

Re: CVE request: ruby file creation due in insertion of illegal NUL character


From: Matthias Weckbecker <mweckbecker () suse de>
Date: Tue, 16 Oct 2012 14:40:10 +0200

On Friday 12 October 2012 22:50:41 Vincent Danen wrote:
> Just noticed this today on ruby's web site:
>
> http://preview.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
>
> The fix is located here:
>
> http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
>
> I don't see a CVE name associated with the announcement or commit, so
> I don't believe one has been assigned.

Technically, this would also apply to Perl (at least with 5.12.3). Or am I
missing the point?

  $ perl -we 'open $fh, "+>", "perl\0foo"; print $fh "x"x2; close $fh'
  $ ls perl
    perl

If the third parameter is double-quoted. I wouldn't call it a vulnerability 
though. Just wanted to note it.

Matthias

-- 
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0;  http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg) 
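
The truncation discussed in this message, as an added Ruby example that is not part of the original post or of the Ruby fix: it contrasts the name a script sees with the name a C-level open would receive, and shows a check that rejects embedded NUL bytes. The helper names, the extension list and the sample names (other than "perl\0foo") are constructed for illustration.

```ruby
# Added illustration; helper names are hypothetical, sample input is constructed.

ALLOWED_EXT = %w[.txt .log].freeze

# The name a C-level open(2) would receive: everything before the first NUL.
def c_visible_name(name)
  idx = name.index("\0")
  idx ? name[0, idx] : name
end

# Naive validation: inspects only the suffix of the script-level string,
# so it never notices that the OS would stop reading at the NUL.
def naive_allowed?(name)
  name.end_with?(*ALLOWED_EXT)
end

# Strict validation: reject embedded NUL bytes and directory components
# before applying the extension allow-list.
def strict_allowed?(name)
  return false if name.include?("\0")
  return false unless name == File.basename(name)
  naive_allowed?(name)
end

# A Ruby that includes the fix refuses such a path with ArgumentError before
# reaching the filesystem. Read mode is used so that nothing is created.
def ruby_rejects_nul?(name)
  File.open(name, "r") {}
  false
rescue ArgumentError
  true
rescue SystemCallError
  false
end

if __FILE__ == $PROGRAM_NAME
  ["perl\0foo", "notes.rb\0.txt", "notes.txt"].each do |n|
    puts format("%-18s c-visible=%-10s naive=%-5s strict=%s",
                n.inspect, c_visible_name(n).inspect,
                naive_allowed?(n), strict_allowed?(n))
  end
  puts "File.open rejects NUL: #{ruby_rejects_nul?("perl\0foo")}"
end
```
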

