search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Ruby safe-level security model bypass

Vulnerability Note VU#160012

Original Release Date: 2005-10-05 | Last Revised: 2005-12-16

Overview

Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied.

Description

Ruby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: taint flagging and safe levels. Safe levels describe the mode of operation that is allowed on potentially tainted objects. A flaw in eval.c may result in Ruby failing to enforce the safe-level protections. This may result in arbitrary code being executed without the appropriate and intended security mechanisms applied. Specifically, if the program is passed through standard input (stdin), the safe level may be ignored and hence bypassed.

Impact

An attacker may be able to run arbitrary code without security checks being applied. An application may be designed in such a manner that this results in remote, unauthenticated arbitrary code execution.

Solution

Apply an update

Ruby 1.8.3 is the stable release that addresses this issue. Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the Ruby vulnerability note for the issue.

Vendor Information

160012
 
Affected   Unknown   Unaffected

Red Hat, Inc.

Updated:  October 18, 2005

Status

  Vulnerable

Vendor Statement

This issue affected the Ruby packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updated Ruby packages to correct this issue are available at the
URL below and by using the Red Hat Network 'up2date' tool.

http://rhn.redhat.com/errata/RHSA-2005-799.html

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Ruby

Updated:  October 05, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the Ruby vulnerability note for the issue.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to the Ruby project for reporting this vulnerability, who in turn thank Dr. Yutaka Oiwa, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology for information on the issue

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-2337
Severity Metric: 2.57
Date Public: 2005-09-23
Date First Published: 2005-10-05
Date Last Updated: 2005-12-16 20:05 UTC
Document Revision: 14

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.