SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   Ruby Vendors:   Matsumoto, Yukihiro
Ruby Infinite Loop Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1012120
SecurityTracker URL:  http://securitytracker.com/id/1012120
CVE Reference:   CAN-2004-0983   (Links to External Site)
Date:  Nov 8 2004
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A denial of service vulnerability was reported in Ruby. A remote user can cause the target process to enter an infinite loop.

Debian reported that a remote user can submit specially crafted requests to cause the target Ruby process to enter an infinitie loop and consume excessive CPU resources.
Impact:   A user can cause Ruby to enter an infinite loop.
Solution:   The vendor has issued a fix, available at:

http://www.ruby-lang.org/en/20020102.html

[Editor's note: It is not clear which version contains the fix.]
Vendor URL:  www.ruby-lang.org/ (Links to External Site)
Cause:   State error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 8 2004 (Debian Issues Fix) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Nov 8 2004 (Mandrake Issues Fix) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Nov 11 2004 (Fedora Issues Fix for FC2) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (Akira TAGOH <tagoh@redhat.com>)
Fedora has released a fix for Fedora Core 2.
Nov 12 2004 (Fedora Issues Fix for FC3) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (Akira TAGOH <tagoh@redhat.com>)
Fedora has released a fix for Fedora Core 3.
Nov 16 2004 (Gentoo Issues Fix) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (Thierry Carrez <koon@gentoo.org>)
Gentoo has released a fix.
Dec 14 2004 (Red Hat Issues Fix) Ruby Infinite Loop Bug Lets Remote Users Deny Service   (bugzilla@redhat.com)
Red Hat has released a fix.


 Source Message Contents
Date:  Mon, 8 Nov 2004 06:53:50 -0500
Subject:  [none]


CVE: CAN-2004-0983

Debian reported a vulnerability in Ruby.  A remote user can submit specially crafted
requests to cause the target Ruby process to enter an infinitie loop and consume
excessive CPU resources.


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC