CVE-2013-2119 – rubygem-passenger: incorrect temporary file usage
https://notcve.org/view.php?id=CVE-2013-2119
Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby allows local users to cause a denial of service (prevent application start) or gain privileges by pre-creating a temporary "config" file in a directory with a predictable name in /tmp/ before it is used by the gem. Las versiones 3.0.21 y 4.0.x anteriores a 4.0.5 de la gema Phusion Passenger para Ruby permite a usuarios locales causar denegación de servicio (prevención de inicio de la aplicación) u obtener privilegios creando un fichero "config" temporal en un directorio con un nombre predecible en /tmp/ antes de que sea utilizado por la gema. • http://blog.phusion.nl/2013/05/29/phusion-passenger-3-0-21-released http://blog.phusion.nl/2013/05/29/phusion-passenger-4-0-5-released http://rhn.redhat.com/errata/RHSA-2013-1136.html https://bugzilla.redhat.com/show_bug.cgi?id=892813 https://access.redhat.com/security/cve/CVE-2013-2119 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVE-2013-4136 – rubygem-passenger: insecure temporary directory usage due to reuse of existing server instance directories
https://notcve.org/view.php?id=CVE-2013-4136
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/. ext/common/ServerInstanceDir.h en Phusion Passenger gem anteriores a 4.0.6 para Ruby permite a usuarios locales obtener privilegios o posiblemente cambiar el propietario de directorios arbitrarios a través de un ataque de enlaces simbólicos sobre un directorio con nombre predecible en /tmp/. • http://rhn.redhat.com/errata/RHSA-2013-1136.html http://www.openwall.com/lists/oss-security/2013/07/16/6 https://code.google.com/p/phusion-passenger/issues/detail?id=910 https://github.com/phusion/passenger/blob/release-4.0.6/NEWS https://github.com/phusion/passenger/commit/5483b3292cc2af1c83033eaaadec20dba4dcfd9b https://access.redhat.com/security/cve/CVE-2013-4136 https://bugzilla.redhat.com/show_bug.cgi?id=985633 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2013-4073 – ruby: hostname check bypassing vulnerability in SSL client
https://notcve.org/view.php?id=CVE-2013-4073
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. La función OpenSSL::SSL.verify_certificate_identity en lib/openssl/ssl.rb en Ruby v1.8 anterior a v1.8.7-p374, v1.9 anterior a v1.9.3-p448, y v2.0 anterior a v2.0.0-p247 no manejar adecuadamente un carácter “\0” en un nombre de dominio en el campo Subject Alternative Name de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL de su elección mediante un certificado manipulado expedido por una Autoridad Certificadora legítima, un problema relacionado con CVE-2009-2408. • http://forums.interworx.com/threads/8000-InterWorx-Version-5-0-14-Released-on-Beta-Channel%21 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00042.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00044.html http://rhn.redhat.com/errata/RHSA-2013-1090.html http://rhn.redhat.com/errata/RHSA-2013-1103.html http://rhn.redhat.com/errata/RHSA-2013-1137.html http://support.apple.com/kb/HT6150 • CWE-310: Cryptographic Issues •
CVE-2013-2065
https://notcve.org/view.php?id=CVE-2013-2065
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. (1) DL y (2) Fiddle en Ruby 1.9 anterior a 1.9.3 patchlevel 426, y 2.0 anterior a 2.0.0 patchlevel 195, no se realizan la comprobación de corrupción de las funciones nativas, lo que permite a atacantes dependientes de contexto eludir el nivel de restricciones $SAFE. • http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html http://www.ubuntu.com/usn/USN-2035-1 https://puppet.com/security/cve/cve-2013-2065 https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-0175
https://notcve.org/view.php?id=CVE-2013-0175
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156. multi_xml v0.5.2 de Ruby, tal como se utiliza en Grape antes de v0.2.6 y posiblemente otros productos, no restringe debidamente vaciados de valores de cadena, lo que permite a atacantes remotos realizar ataques de inyección a objetos y ejecutar código arbitrario o causar una denegación de servicio (consumo de memoria y CPU) que implica anidadas referencias de entidad XML, mediante el aprovechamiento de apoyo (1) YAML conversión de tipo o (2) la conversión de tipos Symbol, una vulnerabilidad similar a CVE-2013-0156. • http://www.openwall.com/lists/oss-security/2013/01/11/9 https://gist.github.com/nate/d7f6d9f4925f413621aa https://github.com/sferik/multi_xml/pull/34 https://groups.google.com/forum/?fromgroups=#%21topic/ruby-grape/fthDkMgIOa0 https://news.ycombinator.com/item?id=5040457 • CWE-20: Improper Input Validation •