oss-sec mailing list archives
Re: Local privileges escalation in rubygem open-uri-cached
From: cve-assign () mitre org
Date: Wed, 6 May 2015 11:43:03 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
open-uri-cached, a rubygem that will cache downloaded data when using open-uri, is susceptible to a local attack
It appears that the critical issue you've identified is execution of code found in an untrusted location under /tmp. Use CVE-2015-3649. In most cases, this specific class of /tmp misuse issues is unrelated to Symlink Following. However, when such an issue exists, it is conceivable that a Symlink Following vulnerability also exists, could be fixed independently, and would be of interest to an attacker who has a goal of overwriting a file rather than directly executing code. The MITRE CVE team has not done any original research to check for a Symlink Following vulnerability. If a Symlink Following vulnerability were to exist, it would not be within the scope of CVE-2015-3649. Also, the message refers to "usage of YAML in a insecure way." We have not done any original research to determine whether, in a scenario where the "untrusted location under /tmp" were no longer used, a YAML-related vulnerability would still be exploitable. If an independent "YAML misuse" vulnerability were to exist, it would not be within the scope of CVE-2015-3649. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVSjYYAAoJEKllVAevmvmsBc0H/1rb5MtLd0UXcNc1Ez6dL3dC tLUB6CrujIs3yp5ynaNsg6b2cmBoF6GxGRTB4ea4Lg9n4Bv/Ovr6u1aRhtx1gz1f XtlPnlO4nOzC1Kh9aOa33SvxiRqUw+Ch7G4Vi9tAHYxaxBFH9DGhEvYCC3KWQ4Za dSMirU3CfkNIywwp3xzAAltXy/tg4VXq4tM0x6j9KK2URhaPJuNVcZDsp12OSpDO umhE3JJY0FL5eY1QD6YjbyrZbDe7HxjxjhpdpPV8Jh1qcdsttiY1vYq/CQWSwmDu v/4GfZjw7pR3Bh0uBfVgZ2CmmnWNFCgX2ECWH8D6Nyfy2Im5vG16eFE45ANtRkY= =NJDF -----END PGP SIGNATURE-----
Current thread:
- Local privileges escalation in rubygem open-uri-cached Michael Scherer (May 05)
- Re: Local privileges escalation in rubygem open-uri-cached cve-assign (May 06)