Message-ID: <506C967E.1070304@redhat.com>
Date: Wed, 03 Oct 2012 13:48:14 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Tyler Hicks <tyhicks@...onical.com>, coley@...us.mitre.org, security@...ntu.com, security@...y-lang.org
Subject: Re: CVE Request: Ruby safe level bypasses

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2012 04:32 PM, Tyler Hicks wrote:
> Hello - Upstream Ruby has fixed[1] exception methods that
> incorrectly allowed safe level bypasses. These bypasses allowed
> untainted strings to be modified by untrusted code in safe level
> 4.
>
> Note that the changes to exc_to_s() and name_err_to_s(), in
> error.c, are similar to the fix for CVE-2011-1005, but the Ruby
> advisory[2] made it clear that Ruby 1.9.x was not affected by
> CVE-2011-1005. It turns out that the vulnerability was later
> reintroduced to Ruby's trunk in revision 29456. Ruby 1.9.3-p0 and
> later is affected.
>
> While Shugo Maeda was fixing the issue above, he noticed that
> name_err_mesg_to_str() had a similar flaw. Ruby 1.8.x, along with
> 1.9.3-p0 and later, is affected.
>
> I believe that these issues need two separate CVEs. Both issues
> are fixed in the same upstream patch[1]. Could you please allocate
> ids?
>
> Thanks, Tyler
>
> [1] http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
>
> [2] http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/

Please use CVE-2012-4464 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
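The bug class behind the report above, as an added illustration that is not code from the Ruby patch or from either poster: an exception's to_s handing the caller the very String object kept internally, so in-place mutation by less-trusted code rewrites a value the owner considered protected. Modern Ruby no longer has $SAFE levels, so the trust boundary is simulated with plain Ruby; the class names and the defensive-copy mitigation are assumptions for this example, not a description of upstream revision 37068.

```ruby
# Added example, not from the Ruby patch. Hypothetical classes showing the
# aliasing hazard and a defensive-copy shape. $SAFE is gone from current
# Ruby, so "untrusted" code is just a method that only receives the exception.

# Vulnerable shape: to_s returns the internal message object itself.
class LeakyError < StandardError
  def initialize(mesg)
    @mesg = mesg              # trusted value supplied by the raiser
    super(mesg)
  end

  def to_s
    @mesg                     # an alias to internal state escapes here
  end
end

# Hardened shape: keep a private frozen copy, hand out fresh copies.
class SafeError < StandardError
  def initialize(mesg)
    @mesg = mesg.dup.freeze   # private, immutable copy of the message
    super(@mesg)
  end

  def to_s
    @mesg.dup                 # caller may mutate its own copy only
  end
end

# Simulated less-trusted code: it gets only the exception object and tries
# to rewrite the message in place (no assignment to the owner's variable).
def untrusted_tamper(exc)
  s = exc.to_s
  s.replace("tampered")       # in-place mutation of whatever to_s returned
  s
end

# Raise, let the tamperer at it, then ask the exception for its message.
def demo(klass)
  e = klass.new(String.new("original"))  # String.new: mutable on purpose
  untrusted_tamper(e)
  e.to_s
end

def leaky_result; demo(LeakyError); end  # => "tampered"
def safe_result;  demo(SafeError);  end  # => "original"
```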