Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.7-p330
Yukihiro Matsumoto Ruby 1.8.7-p302
Yukihiro Matsumoto Ruby 1.8.7-p299
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p420
Yukihiro Matsumoto Ruby 1.8.6-p399
Yukihiro Matsumoto Ruby 1.8.6-p388
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
Ubuntu Ubuntu Linux 11.04 powerpc
Ubuntu Ubuntu Linux 11.04 i386
Ubuntu Ubuntu Linux 11.04 ARM
Ubuntu Ubuntu Linux 11.04 amd64
Ubuntu Ubuntu Linux 10.10 powerpc
Ubuntu Ubuntu Linux 10.10 i386
Ubuntu Ubuntu Linux 10.10 ARM
Ubuntu Ubuntu Linux 10.10 amd64
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 ARM
Ubuntu Ubuntu Linux 10.04 amd64
Red Hat Enterprise Linux Workstation 6
Red Hat Enterprise Linux Server EUS 6.1.z
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Long Life 5.6 server
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux EUS 5.6.z server
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux 5 Server
Red Hat Desktop Workstation 5
Pardus Linux 2009 0
Mandriva Linux Mandrake 2010.1 x86_64
Mandriva Linux Mandrake 2010.1
Mandriva Linux Mandrake 2009.0 x86_64
Mandriva Linux Mandrake 2009.0
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 4.0
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Not Vulnerable:
Yukihiro Matsumoto Ruby 1.8.7-p334
Security Discussion
Ruby is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
The following Ruby versions are affected:
1.8.6 patchlevel 420 and prior
1.8.7 patchlevel 330 and prior
Proof of Concept and Security Exploits
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: vuldb@securityfocus.com.
Security Solution(s)
Solution: Updates are available. Please see the references for more information.