|
 |
|
Ruby WEBrick Information Disclosure Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29232
|
|
|
Release Date:
|
2008-03-06
|
|
Last Update:
|
2008-04-15
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Ruby 1.8.x
|
| | CVE reference: | CVE-2008-1145 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in Ruby, which can be exploited by malicious people to disclose sensitive information.
1) Input passed via the URL to applications using "WEBrick::HTTPServlet::FileHandler" or "WEBrick::HTTPServer.new" with the ":DocumentRoot" option is not properly sanitised before being used. This can be exploited to display arbitrary files via directory traversal attacks of the form "..%5c..%5c".
Successful exploitation requires that the application is running on an operating system accepting the backslash character as a path separator (e.g. Windows).
2) The vulnerability is caused due to an error within the "WEBrick::HTTPServlet::FileHandler" class, and within the "WEBrick::HTTPServer.new" method when handling the ":NondisclosureName" option. This can be exploited to disclose the content of arbitrary files with a filename matching the pattern specified in the ":NondisclosureName" option.
Successful exploitation requires that the application is running on an operating system using a case insensitive filesystem (e.g. Windows or Mac OS X).
The vulnerabilities are reported in versions prior to 1.8.4, 1.8.5 versions prior to 1.8.5-p115, 1.8.6 versions prior to 1.8.6-p114, and 1.9 versions prior to and including 1.9.0-1.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to 1.8.5-p115 or 1.8.6-p114, or apply the vendor patch for version 1.9.0-1.
ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff
Provided and/or discovered by:
The vendor credits Digital Security Research.
Changelog:
2008-03-11: Added CVE reference.
2008-04-15: Added link to US-CERT.
Original Advisory:
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Other References:
US-CERT VU#404515:
http://www.kb.cert.org/vuls/id/404515
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
7 Related Secunia Security Advisories
|
|
|
1. Ruby WEBrick Information Disclosure
|
|
2. Ruby Modules Common Name Verification Security Issues
|
|
3. Ruby Safe Level Security Bypass Vulnerabilities
|
|
4. Ruby Safe-Level Security Bypass and Server Classes Denial of Service
|
|
5. Ruby XMLRPC.iPIMethods Arbitrary Command Execution
|
|
6. Ruby "cgi.rb" Denial of Service Vulnerability
|
|
7. Ruby CGI Session Management Insecure File Creation Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
