ruby-lang
March 8th, 2006, 09:40 PM
<div class="section"><h3>[2005-10-02 10:58] <span class="corres">by matz</span></h3>
<p>The Ruby versions listed below have a vulnerability that allows an arbitrary code to run bypassing the safe level check.</p>
<p>Date published: 2005-10-02</p>
<p>Versions affected:</p>
<pre>Stable releases(1.8.x) - Versions 1.8.2 and earlier
(fixed on Version 1.8.3)
Old releases(1.6.x) - Versions 1.6.8 and earlier
Development versions(1.9.0) - Versions 2005-09-01 and earlier
(fixed on Version 2005-09-02)</pre>
</div><div class="section"><h3>Solution:</h3>
<p>Users of stable releases (1.8.x) and development versions (1.9.0) should
update Ruby to the latest versions listed above.</p>
<p>Users of old releases (1.6.x) should update to the stable releases (1.8.x)
or download the latest snapshot for 1.6.x from the URL below, build, and
install.</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/snapshot-1.6.tar.gz">ftp://ftp.ruby-lang.org/pub/ruby/snapshot-1.6.tar.gz</a></p>
<p>A patch from ruby-1.6.8.tar.gz is also provided at the following location:</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.6/1.6.8-patch1.gz">ftp://ftp.ruby-lang.org/pub/ruby/1.6/1.6.8-patch1.gz</a></p>
<p>md5sum: 7a97381d61576e68aec94d60bc4cbbab</p>
<p>A patch from ruby-1.8.2.tar.gz is also provided at the following location:</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/1.8.2-patch1.gz">ftp://ftp.ruby-lang.org/pub/ruby/1.8/1.8.2-patch1.gz</a></p>
<p>md5sum: 4f32bae4546421a20a9211253da103d3</p>
</div><div class="section"><h3>Description:</h3>
<p>The Object Oriented Scripting Language Ruby supports safely executing an
untrusted code with two mechanisms: safe level and taint flag on objects.</p>
<p>A vulnerability has been found that allows bypassing these mechanisms.</p>
<p>By using the vulnerability, arbitrary code can be executed beyond the
restrictions specified in each safe level. Therefore, Ruby has to be
updated on all systems that use safe level to execute untrusted code.</p>
</div><div class="section"><h3>Reference:</h3>
<p>JVN#62914675 <a href="http://jvn.jp/jp/JVN%2362914675/index.html"><URL:http://jvn.jp/jp/JVN%2362914675/index.html></a>
(in Japanese)</p>
</div><div class="section"><h3>Acknowledgment:</h3>
<p>We thank Dr. Yutaka Oiwa, Research Center for Information Security,
National Institute of Advanced Industrial Science and Technology, who
found the vulnerability that allows bypassing safe level.</p>
</div>
<a href="http://www.ruby-lang.org/en/20051003.html" target="_blank">http://www.ruby-lang.org/en/20051003.html</a>
<p>The Ruby versions listed below have a vulnerability that allows an arbitrary code to run bypassing the safe level check.</p>
<p>Date published: 2005-10-02</p>
<p>Versions affected:</p>
<pre>Stable releases(1.8.x) - Versions 1.8.2 and earlier
(fixed on Version 1.8.3)
Old releases(1.6.x) - Versions 1.6.8 and earlier
Development versions(1.9.0) - Versions 2005-09-01 and earlier
(fixed on Version 2005-09-02)</pre>
</div><div class="section"><h3>Solution:</h3>
<p>Users of stable releases (1.8.x) and development versions (1.9.0) should
update Ruby to the latest versions listed above.</p>
<p>Users of old releases (1.6.x) should update to the stable releases (1.8.x)
or download the latest snapshot for 1.6.x from the URL below, build, and
install.</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/snapshot-1.6.tar.gz">ftp://ftp.ruby-lang.org/pub/ruby/snapshot-1.6.tar.gz</a></p>
<p>A patch from ruby-1.6.8.tar.gz is also provided at the following location:</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.6/1.6.8-patch1.gz">ftp://ftp.ruby-lang.org/pub/ruby/1.6/1.6.8-patch1.gz</a></p>
<p>md5sum: 7a97381d61576e68aec94d60bc4cbbab</p>
<p>A patch from ruby-1.8.2.tar.gz is also provided at the following location:</p>
<p><a href="ftp://ftp.ruby-lang.org/pub/ruby/1.8/1.8.2-patch1.gz">ftp://ftp.ruby-lang.org/pub/ruby/1.8/1.8.2-patch1.gz</a></p>
<p>md5sum: 4f32bae4546421a20a9211253da103d3</p>
</div><div class="section"><h3>Description:</h3>
<p>The Object Oriented Scripting Language Ruby supports safely executing an
untrusted code with two mechanisms: safe level and taint flag on objects.</p>
<p>A vulnerability has been found that allows bypassing these mechanisms.</p>
<p>By using the vulnerability, arbitrary code can be executed beyond the
restrictions specified in each safe level. Therefore, Ruby has to be
updated on all systems that use safe level to execute untrusted code.</p>
</div><div class="section"><h3>Reference:</h3>
<p>JVN#62914675 <a href="http://jvn.jp/jp/JVN%2362914675/index.html"><URL:http://jvn.jp/jp/JVN%2362914675/index.html></a>
(in Japanese)</p>
</div><div class="section"><h3>Acknowledgment:</h3>
<p>We thank Dr. Yutaka Oiwa, Research Center for Information Security,
National Institute of Advanced Industrial Science and Technology, who
found the vulnerability that allows bypassing safe level.</p>
</div>
<a href="http://www.ruby-lang.org/en/20051003.html" target="_blank">http://www.ruby-lang.org/en/20051003.html</a>