Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 03 Oct 2012 13:48:14 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Tyler Hicks <tyhicks@...onical.com>, coley@...us.mitre.org,
        security@...ntu.com, security@...y-lang.org
Subject: Re: CVE Request: Ruby safe level bypasses

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/2012 04:32 PM, Tyler Hicks wrote:
> Hello - Upstream Ruby has fixed[1] exception methods that
> incorrectly allowed safe level bypasses. These bypasses allowed
> untainted strings to be modified by untrusted code in safe level
> 4.
> 
> Note that the changes to exc_to_s() and name_err_to_s(), in
> error.c, are similar to the fix for CVE-2011-1005, but the Ruby
> advisory[2] made it clear that Ruby 1.9.x was not affected by
> CVE-2011-1005. It turns out that the vulnerability was later
> reintroduced to Ruby's trunk in revision 29456. Ruby 1.9.3-p0 and
> later is affected.
> 
> While Shugo Maeda was fixing the issue above, he noticed that 
> name_err_mesg_to_str() had a similar flaw. Ruby 1.8.x, along with 
> 1.9.3-p0 and later is affected.
> 
> I believe that these issues need two separate CVEs. Both issues
> are fixed in the same upstream patch[1]. Could you please allocate
> ids?
> 
> Thanks, Tyler
> 
> [1]
> http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
>
> 
[2]
http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
> 

Please use CVE-2012-4464 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQbJZ+AAoJEBYNRVNeJnmTKVwP/AwS0w4x1fIIUZ4oakCOL04s
PDhRjSxppmJK3v4hXsTgXlIrb3Le0cOw0equzs07f87OBRC2Tm05Xai2Xx3a9iFZ
Sa/fdR9+LSSpg8NCULvXArZYW/mOLNLFXJ7XJSK3cttOdAKb99vKnaX/nuLigFMu
hnmr9+qES/rwkUiRQeik6OPNldYiQX3HxZ+ORoyCnDOx0hhX7YoV7fbGl8q2vEaQ
VER+epOX2eIiYjSuyCSbUhRYt4httanoDqGUPZYnpITNs2MIrEOsrxizePnZ2RZd
LjM7NilP+tGcOT9ilc6AxO/jvPGcAHARcg+s3EchTsO98ui9cn2GejyYvRHZE7Kz
cQd46bQs2xigL69s/s6wA/PSTFFYrfxc0hh3pOlO3Bw44Aajz0/sKCNDeJao9+dx
iD2vC3Umezv98Zrdw7wRx4kfp1Fu9Rrjl5cDMTBrsfEV26wVAlQGmaO8FljAhdAQ
nFcY9rxoETeSOdhXkl9gi/J31NJ4B5F64cTUI1vNnO+X0ujxFtnftUgUykCq19Ne
aTCwrrch4BUsAcwoEtBzpHMrhsnF4oeHGV0Pz2Q7yGe+bc1if4KV0GoT2jUSn8ye
AbGNSwNKDSYZHRNChjbu1+Pjr3mgs9ftg2dZUdLDUqlLKhbSUlcwXvPBPYn8OWdU
b/Wmxe0vimxCE5mD50gP
=JCMw
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.