----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
Ruby Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA31430

VERIFY ADVISORY:
http://secunia.com/advisories/31430/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Spoofing, DoS

WHERE:
>From remote

SOFTWARE:
Ruby 1.8.x
http://secunia.com/product/3787/

DESCRIPTION:
Some vulnerabilities have been reported in Ruby, which can be
exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and conduct spoofing
attacks.

1) Multiple errors in the implementation of safe level restrictions
can be exploited to call "untrace_var()", perform syslog operations,
and modify "$PROGRAM_NAME" at safe level 4, or call insecure methods
at safe levels 1 through 3.

2) An error exists in the usage of regular expressions in
"WEBrick::HTTPUtils.split_header_value()". This can be exploited to
consume large amounts of CPU via a specially crafted HTTP request.

3) An error in "DL" can be exploited to bypass security restrictions
and call potentially dangerous functions.

4) The vulnerability is caused due to resolv.rb not sufficiently
randomising the DNS query port number, which can be exploited to
poison the DNS cache.

The vulnerabilities are reported in the following versions:
* 1.8.5 and prior
* 1.8.6-p286 and prior
* 1.8.7-p71 and prior

SOLUTION:
Update to a fixed version.

Ruby 1.8.6:
Update to version 1.8.6-p287.
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p287.tar.gz

Ruby 1.8.7:
Update to version 1.8.7-p72.
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p72.tar.gz

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Keita Yamaguchi
2) Christian Neukirchen
3) sheepman
4) Tanaka Akira

ORIGINAL ADVISORY:
http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------