Multiple Security Holes In Ruby 1.8, 1.9

ruphus13 notes a six-pack of serious vulnerabilities discovered in Ruby by a member of Apple's security team, Drew Yao. Patches are linked from the ruby-lang.org advisory. "With the following vulnerabilities, an attacker can lead to denial of service condition or execute arbitrary code... These vulnerabilities are likely to crop up in just about any average ruby web application. And by 'crop up' I mean 'crop up exploitable from trivial user-specified parameters.' It's not hard to begin imagining cases where Ruby/Rails programmers use code similar to the samples above to routinely handle user input."
  • Re:Confirmation (Score:4, Interesting)

    by larry bagina ( 561269 ) on Monday June 23, 2008 @08:51AM (#23902029) Journal
    "Enterprise" means you don't blindly install updates on day 0.
  • Re:The real story (Score:4, Interesting)

    by moosesocks ( 264553 ) on Monday June 23, 2008 @09:32AM (#23902501) Homepage

    Try auditing Visual Basic 6 for comparison.
    I don't need to see the source to know that VB6 is completely insecure. The documentation is more than sufficient to prove that the entire language was fundamentally flawed.
  • Re:The real story (Score:3, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday June 23, 2008 @11:26AM (#23903921) Homepage Journal

    Yup, because Microsoft certainly never have exploits such as these discovered...

    The difference is who finds them and what happens when they are found. Vulnerabilities in Microsoft products are found either by accident (I pass you some data which should be valid and you choke, or I pass you some data which should be invalid and you don't choke, or you just crash instead of detecting the invalid data and throwing an exception or local equivalent, which is what you SHOULD do EVERY TIME) or by malicious motherfuckers deliberately looking for the above conditions, or disassembling the code and looking for potential race conditions.

    By contrast, bugs in open source products are found by looking at the source code and by the above means. But the difference is that the number of non-malicious individuals looking at the code is far larger. So basically, all the same things happen in both places, but the first person to find the bug is more likely to be altruistic in the open source world; and furthermore, the bug is more likely to be found by an altruist at all (ever) in the open source world. You can be sure that a number of Microsoft bugs have been fixed silently without anyone ever announcing them... Which means only the malicious types know they exist, and people who don't patch unless they feel they have to are exposing vulnerabilities that they have no real way to find out about because they lack the requisite time and/or skills to test for such problems.

  • Not just RoR (Score:3, Interesting)

    by Slashdot Parent ( 995749 ) on Monday June 23, 2008 @11:37AM (#23904113)

    This reminds me of the notorious suidperl vulnerability [ciac.org] from back in the day. In a nutshell, you could use the following code to achieve a root shell from an unprivileged account (apologies if I don't get it exactly right... I don't have an ancient system to verify on):

    #!/usr/bin/suidperl -w
     
    $< = 0;
    $> = 0;
     
    `/bin/bash`;

    That was available for how many years? Anyhow, that's much more serious than this Ruby DoS attack. ;)
