SecurityTracker.com
Category:   Application (Generic)  >   Rails
Vendors:   rubyforge.org
Ruby on Rails Active Record Bug Lets Remote Users Generate Unsafe Queries
SecurityTracker Alert ID:  1027960
SecurityTracker URL:  http://securitytracker.com/id/1027960
CVE Reference:   CVE-2013-0155
Updated:  Dec 3 2013
Original Entry Date:  Jan 9 2013
Impact:   Modification of system information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.x prior to versions 3.0.19, 3.1.10, and 3.2.11
Description:   A vulnerability was reported in Ruby on Rails. A remote user can generate unsafe queries.

A remote user can supply specially crafted data to exploit an Active Record validation flaw together with a JSON parameter parsing bug, causing the application to issue unexpected database queries with "IS NULL" conditions or empty where clauses.

Dynamic finders ('find_by_*') and relations ('User.where(:name => params[:name])') are affected.

This vulnerability is a variant of CVE-2012-2660 and CVE-2012-2694.
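Added example, not code from the advisory or from the Rails project: a small Ruby model of the parameter-to-query path the description refers to, with a type-checking parameter lookup beside it. The functions where_fragment, parse_params, build_query and safe_lookup_param are constructed stand-ins, not Active Record's API, and the "1=0" literal for an empty array is an assumption about the rendered SQL.

```ruby
require "json"

# Added example, not code from the advisory or from Rails: a tiny stand-in for how
# an Active Record relation renders one column's where-clause fragment. Active
# Record renders nil as "IS NULL" and an empty array as an always-false predicate;
# the advisory's point is that the JSON parameter parser let a remote user pick
# those value types for a key the application expected to be a string.
def where_fragment(column, value)
  case value
  when nil   then "#{column} IS NULL"
  when Array then value.empty? ? "1=0" : "#{column} IN (#{(['?'] * value.size).join(', ')})"
  else            "#{column} = ?"
  end
end

# Parse a JSON request body into a params-like hash. Simplification (assumption):
# nil and arrays are passed through untouched, as in the affected versions.
def parse_params(json_body)
  JSON.parse(json_body)
end

# What a finder such as User.where(:name => params[:name]) would produce.
def build_query(params)
  "SELECT * FROM users WHERE " + where_fragment("name", params["name"])
end

# Hardened lookup: accept only a non-empty String for the key, so nil, arrays and
# nested hashes never reach the finder. Generic type-check pattern, not the
# upstream patch.
def safe_lookup_param(params, key)
  value = params[key]
  unless value.is_a?(String) && !value.empty?
    raise ArgumentError, "#{key} must be a non-empty string, got #{value.inspect}"
  end
  value
end

if __FILE__ == $0
  ['{"name":"alice"}', '{"name":null}', '{"name":[]}'].each do |body|
    params = parse_params(body)
    puts "#{body.ljust(18)} -> #{build_query(params)}"
    begin
      safe_lookup_param(params, "name")
    rescue ArgumentError => e
      puts "  rejected by safe_lookup_param: #{e.message}"
    end
  end
end
```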

Impact:   A remote user can generate unsafe queries.
Solution:   The vendor has issued a fix (3.0.19, 3.1.10, and 3.2.11).

The vendor's advisories are available at:

http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/

https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/t1WFuuQyavI

[Editor's note: On December 3, 2013, the vendor reported that this fix is incomplete. A revised fix (3.2.16, 4.0.2) is available. The vendor's new advisory is available at: http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/]

Vendor URL:  weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 10 2013 (Red Hat Issues Fix) Ruby on Rails Active Record Bug Lets Remote Users Generate Unsafe Queries
Red Hat has issued a fix for Red Hat Subscription Asset Manager.
Jan 11 2013 (Red Hat Issues Fix) Ruby on Rails Active Record Bug Lets Remote Users Generate Unsafe Queries
Red Hat has issued a fix for Red Hat CloudForms.

Source Message Contents

[Original Message Not Available for Viewing]

Copyright 2019, SecurityGlobal.net LLC