CVE-2012-4481 – ruby: Incomplete fix for CVE-2011-1005 for NameError#to_s method when used on objects
https://notcve.org/view.php?id=CVE-2012-4481
The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. La funcionalidad safe-level de Ruby v1.8.7 permite a atacantes dependiendo del contexto modificar cadenas a través del método NameError#to_s mientras corren objetos Ruby. NOTA: este problema es debido a una corrección incompleta para CVE-2011-1005. • http://rhn.redhat.com/errata/RHSA-2013-0129.html http://rhn.redhat.com/errata/RHSA-2013-0612.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://www.openwall.com/lists/oss-security/2012/10/05/4 https://bugzilla.redhat.com/show_bug.cgi?id=863484 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0294 https://access.redhat.com/security/cve/CVE-2012-4481 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4466 – ruby: safe level bypass via name_err_mesg_to_str()
https://notcve.org/view.php?id=CVE-2012-4466
Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. Ruby v1.8.7 antes de patchlevel 371, v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto evitar las restricciones de seguridad de nivel y modificar cadenas untainted a través de la función de la API name_err_mesg_to_str, que marca la cadena como contaminada, una diferente vulnerabilidad a CVE-2011-1005. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 http://www.mandriva.com/security/advisories?name=MDVSA-2013:124 http://www.openwall.com/lists/oss-security/2012/10/02/4 http://www.openwall.com/lists/oss-security/2012/10/03/9 http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve- • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVE-2012-4464 – 1.9.3: Possibility to bypass Ruby's $SAFE (level 4) semantics
https://notcve.org/view.php?id=CVE-2012-4464
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression. Ruby v1.9.3 antes patchlevel 286 y v2.0 antes de la revisión r37068 permite a atacantes dependientes de contexto para evitar las restricciones de seguridad de nivel y modifican a través de las cadenas untainted (1) exc_to_s o (2) la función API name_err_to_s, que marca la cadena como contaminada, un diferentes vulnerabilidad a CVE-2012-4466. NOTA: este problema puede existir como consecuencia de una CVE-2011-1005 de regresión. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089554.html http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089887.html http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068 http://www.openwall.com/lists/oss-security/2012/10/02/4 http://www.openwall.com/lists/oss-security/2012/10/03/9 http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-4464-cve-2012-4466 https://bugzilla.redhat.com/show_bug.cgi?id=862598 • CWE-264: Permissions, Privileges, and Access Controls CWE-266: Incorrect Privilege Assignment •
CVE-2011-4815 – ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
https://notcve.org/view.php?id=CVE-2011-4815
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. Ruby (también conocido como CRuby) anterior a v1.8.7-P357 calcula los valores de hash sin restringir la capacidad de desencadenar colisiones hash predecible, que permite a atacantes dependientes de contexto para causar una denegación de servicio (consumo de CPU) a través de entrada diseñado para una aplicación que mantiene un hash mesa. • http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606 http://jvn.jp/en/jp/JVN90615481/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://rhn.redhat.com/errata/RHSA-2012-0069.html http://rhn.redhat.com/errata/RHSA-2012-0070.html http://secunia.com/advisories/47405 http://secunia.com/advi • CWE-20: Improper Input Validation •
CVE-2011-3009 – ruby: Properly initialize the random number generator when forking new process
https://notcve.org/view.php?id=CVE-2011-3009
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. Ruby en versiones anteriores a la 1.8.6-p114 no resetea la semilla aleatoria después de la creacción de procesos ("forking"), lo que facilita a atacantes, dependiendo del contexto, predecir el valor de números aleatorios basándose en el conocimiento del número de secuencia obtenido en un proceso hijo distinto. Un problema relacionado con el CVE-2003-0900. • http://redmine.ruby-lang.org/issues/show/4338 http://rhn.redhat.com/errata/RHSA-2012-0070.html http://www.openwall.com/lists/oss-security/2011/07/20/1 http://www.redhat.com/support/errata/RHSA-2011-1581.html http://www.securityfocus.com/bid/49126 https://exchange.xforce.ibmcloud.com/vulnerabilities/69157 https://access.redhat.com/security/cve/CVE-2011-3009 https://bugzilla.redhat.com/show_bug.cgi?id=722415 • CWE-310: Cryptographic Issues •