14 May '13, 2pm

Object taint bypassing in DL and Fiddle in Ruby (CVE-2013-2065)

There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be used by system calls regardless of the $SAFE level set in Ruby. This vulnerability has been assigned the CVE identifier CVE-2013-2065.

Impact

Native functions exposed to Ruby with DL or Fiddle do not check the taint values set on the objects passed in. This can result in tainted objects being accepted as input when a SecurityError exception should be raised.

Impacted DL code will look something like this:

    def my_function(user_input)
      handle = DL.dlopen(nil)
      sys_cfunc = DL::CFunc.new(handle['system'], DL::TYPE_INT, 'system')
      sys = DL::Function.new(sys_cfunc, [DL::TYPE_VOIDP])
      sys.call user_input
    end

    $SAFE = 1
    my_function "uname -rs".taint

Impacted Fiddle code will look something like this:

    def my_function(user_input)
      handle = DL.dlope...

Full article: http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-...
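
The check the advisory says is missing, modelled in plain Ruby as an added example (not code from the advisory or from Ruby's DL/Fiddle sources). TaintModel, FAKE_NATIVE, UnguardedFunction and GuardedFunction are hypothetical names; taint is modelled with a marker module because Object#taint and $SAFE were removed from later Ruby versions, and a lambda stands in for the native function.

```ruby
# Added illustration: TaintModel, UnguardedFunction and GuardedFunction are
# hypothetical names that model the check; they are not the DL/Fiddle API.
# Taint is modelled with a marker module because Object#taint and $SAFE were
# removed from later Ruby versions.
module TaintModel
  module Marker; end

  def self.taint(obj)
    obj.extend(Marker)   # flag the object as coming from an untrusted source
  end

  def self.tainted?(obj)
    obj.is_a?(Marker)
  end
end

# Stand-in for a native function such as system(3); it only reports the call.
FAKE_NATIVE = ->(cmd) { "native call with: #{cmd}" }

# The behaviour the advisory describes: arguments go straight to native code.
class UnguardedFunction
  def initialize(native)
    @native = native
  end

  def call(*args)
    @native.call(*args)
  end
end

# The missing check: at safe level >= 1, refuse any tainted argument before
# the native function is reached.
class GuardedFunction < UnguardedFunction
  def initialize(native, safe_level)
    super(native)
    @safe_level = safe_level
  end

  def call(*args)
    if @safe_level >= 1
      args.each_with_index do |arg, i|
        raise SecurityError, "tainted parameter #{i} not allowed" if TaintModel.tainted?(arg)
      end
    end
    super
  end
end
```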

Tweets

Object taint flag bypass in DL and Fiddle (CVE-2013-206...

ruby-lang.org 14 May '13, 3pm

def my_function(input) handle = DL.dlopen(nil) sys = Fiddle::Function.new(handle['system'], [Fiddle::TYPE_VOIDP], Fiddle::...

Ruby 1.9.3-p429 is released

ruby-lang.org 14 May '13, 5pm

Now Ruby 1.9.3-p429 is released. We once released p426 some hours before, but it had build problems on some platforms. Use...

Ruby 2.0.0-p195 is released

ruby-lang.org 14 May '13, 2pm

Ruby 2.0.0-p195 is released. This is the first patchlevel release of 2.0.0. This release includes a security fix of Ruby DL...

Ruby 1.9.3-p426 is released (includes a securit...

ruby-lang.org 14 May '13, 2pm

Now Ruby 1.9.3-p426 is released. This release includes a security fix about bundled DL / Fiddle. Object taint bypassing in...

“Ruby 1.9.3-p426 released”

ruby-lang.org 14 May '13, 2pm

Ruby 1.9.3-p426 has been released. This release includes a security fix for the bundled DL / Fiddle. Object taint flag bypass in DL and Fiddle (CVE-...

“Ruby 2.0.0-p195 is released”

ruby-lang.org 14 May '13, 2pm

Ruby 2.0.0-p195 is being released. This is the first patch-level release of 2.0.0. This release includes a security fix for the DL/Fiddle extension libraries. In DL and Fiddle, object...
