Rails Input Validation Flaw in 'routing.rb' Lets Remote Users Execute Local Ruby Code
|
|
SecurityTracker Alert ID: 1016673
|
|
SecurityTracker URL: http://securitytracker.com/id?1016673
|
|
CVE Reference: CVE-2006-4111
, CVE-2006-4112
(Links to External Site)
|
|
OSVDB Reference: 27822
(Links to External Site)
|
Updated: Jun 8 2008
|
Original Entry Date: Aug 10 2006
|
Impact: Denial of service via network, Disclosure of user information, Modification of user information, User access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.1.0 through 1.1.5, excluding 1.1.3
|
Description: A vulnerability was reported in Rails. A remote user can execute Ruby code located on the target system.
A remote user can supply a specially crafted URL to cause Ruby code from certain locations on the target system to be loaded and
executed.
This can be exploited by a remote user to cause data on the target system to be deleted or to cause the current request
process to hang.
The vulnerability resides in 'actionpack/lib/action_controller/routing.rb'.
|
Impact: A remote user can cause alternate Ruby code located on the target system to be executed.
|
Solution: The vendor has issued a fixed version (1.1.6), available at:
http://rubyforge.org/frs/?group_id=307
The vendor's advisories
are available at:
http://weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure
http://weblog.rubyonrails.com/2006/8/9/rails-1-1-5-mandatory-secur
ity-patch-and-other-tidbits
|
Vendor URL: weblog.rubyonrails.org/2006/8/10/rails-1-1-6-backports-and-full-disclosure (Links to External Site)
|
Cause: Access control error, Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 9 Aug 2006 22:06:30 -0400
Subject: Rails 1.1.5: Mandatory security patch (and more)
|
http://weblog.rubyonrails.com/2006/8/9/rails-1-1-5-mandatory-security-patch-and-other-tidbits
|
|
