SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Rails
Vendors:   rubyforge.org
Rails Bugs Let Remote Users View Files and Execute Arbitrary Code
SecurityTracker Alert ID:  1035122
SecurityTracker URL:  http://securitytracker.com/id/1035122
CVE Reference:   CVE-2016-2097, CVE-2016-2098   (Links to External Site)
Date:  Mar 1 2016
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 3.2.x, 4.0.x, 4.1.x, 4.2.x
Description:   Two vulnerabilities were reported in Rails. A remote user can view files on the target system. A remote user can execute arbitrary code on the target system.

A remote user can send specially crafted data to an application that passes user-supplied data to the 'render' method in a controller or view. A flaw in Action Pack allows this data to be interpreted as inline template content, so the remote user can potentially inject and execute arbitrary code on the target system [CVE-2016-2098]. The code will run with the privileges of the target application.

Versions 5.0 and later are not affected.

Tobias Kraze from makandra and joernchen of Phenoelit reported this vulnerability.

Action View does not properly validate user-supplied input [CVE-2016-2097]. A remote user can supply a specially crafted request to an application that passes user-supplied data to the 'render' method in a controller to view files on the target system that are located outside of the target application's view directory.

Versions 4.2 and later are not affected.

[Editor's note: This vulnerability was originally reported as CVE-2016-0752 but was not properly fixed.]

Jyoti Singh and Tobias Kraze from makandra reported this vulnerability.
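Both vulnerabilities share the same trigger: user-controlled data reaching 'render'. The following is an added example, not code from the Rails project and not the vendor's fix, showing the check an application should apply before it lets a request select a template. Upgrading to a fixed release remains the required remediation; this helper is defence in depth for the code path the advisory describes. The helper names (safe_template, check_template, build_demo_views, run_demo), the ALLOWED_TEMPLATES list, the file names and the throwaway views directory are all assumptions made for the example.

```ruby
require "pathname"
require "tmpdir"
require "fileutils"

# Templates a request may select by name. Anything not listed is refused even
# if a matching file exists under the views directory. (Assumed names.)
ALLOWED_TEMPLATES = %w[show edit].freeze

class UnsafeTemplate < StandardError; end

# Return the on-disk path of the view named +name+ under +views_dir+, or raise
# UnsafeTemplate. Intended to replace `render params[:template]` with
# `render template: safe_template(params[:template], views_dir)`.
def safe_template(name, views_dir)
  name = name.to_s
  # 1. Shape check: plain identifiers only. This rejects "../", absolute
  #    paths and the punctuation an inline-template payload needs.
  unless name.match?(/\A[a-z0-9_]+\z/)
    raise UnsafeTemplate, "malformed template name #{name.inspect}"
  end
  # 2. Allowlist: an exact match against known templates, not just a
  #    character class, so the request cannot name arbitrary views.
  unless ALLOWED_TEMPLATES.include?(name)
    raise UnsafeTemplate, "template #{name} is not on the allowlist"
  end
  # 3. Containment: resolve symlinks and require the result to stay inside
  #    the views directory, so a planted link cannot reach other files.
  root = Pathname.new(views_dir).realpath
  begin
    resolved = root.join("#{name}.html.erb").realpath
  rescue Errno::ENOENT
    raise UnsafeTemplate, "template #{name} does not exist"
  end
  unless resolved.to_s.start_with?(root.to_s + File::SEPARATOR)
    raise UnsafeTemplate, "template #{name} resolves outside the view directory"
  end
  resolved.to_s
end

# Wrapper returning [:ok, path] or [:rejected, reason] instead of raising.
def check_template(name, views_dir)
  [:ok, safe_template(name, views_dir)]
rescue UnsafeTemplate => e
  [:rejected, e.message]
end

# Build a constructed views directory for a stand-alone run: one legitimate
# template, one file outside the view tree, and a symlink to it planted
# inside the tree under an allowlisted name.
def build_demo_views
  base = Dir.mktmpdir("views-demo")
  views = File.join(base, "app", "views", "users")
  FileUtils.mkdir_p(views)
  File.write(File.join(views, "show.html.erb"), "<h1>user</h1>\n")
  secret = File.join(base, "config", "database.yml")
  FileUtils.mkdir_p(File.dirname(secret))
  File.write(secret, "password: example\n")
  begin
    File.symlink(secret, File.join(views, "edit.html.erb"))
  rescue StandardError, NotImplementedError
    # Without symlink support "edit" is rejected as missing instead.
  end
  views
end

# Run representative inputs through the check and return name => verdict.
def run_demo(views = build_demo_views)
  inputs = ["show", "edit", "../../config/database.yml",
            "/etc/passwd", "show{{1+1}}", "missing"]
  inputs.to_h { |n| [n, check_template(n, views).first] }
end

if __FILE__ == $PROGRAM_NAME
  run_demo.each { |name, verdict| puts format("%-28s %s", name, verdict) }
end
```

Only "show" passes. The traversal and absolute-path inputs fail the shape check, the inline-template-looking input fails it too, "missing" fails the allowlist, and "edit" fails containment because its symlink resolves to a file outside the view directory. The three checks are deliberately independent so that removing any one of them still leaves a defence against the other inputs.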

Impact:   A remote user can view files on the target system located outside of the target application's view directory.

A remote user can execute arbitrary code on the target system.

Solution:   The vendor has issued a fix (3.2.22.2, 4.1.14.2, 4.2.5.2). No patched 4.0.x release is listed, so 4.0.x deployments must move to one of the fixed series.

The vendor's advisory is available at:

http://weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/

Vendor URL:  weblog.rubyonrails.org/2016/2/29/Rails-4-2-5-2-4-1-14-2-3-2-22-2-have-been-released/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Mar 15 2016 (Red Hat Issues Fix) Rails Bugs Let Remote Users View Files and Execute Arbitrary Code
Red Hat has issued a fix for ruby193 for Red Hat Enterprise Linux 6, 6.6, 6.7, 7, 7.1, and 7.2.



 Source Message Contents



[Original Message Not Available for Viewing]









Copyright 2019, SecurityGlobal.net LLC