ID CVE-2008-3443
Summary The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:1.6.8
  • ruby-lang Ruby 1.8.0
    cpe:2.3:a:ruby-lang:ruby:1.8.0
  • Ruby-lang Ruby 1.8.1
    cpe:2.3:a:ruby-lang:ruby:1.8.1
  • cpe:2.3:a:ruby-lang:ruby:1.8.1:-9
  • Ruby-lang Ruby 1.8.2
    cpe:2.3:a:ruby-lang:ruby:1.8.2
  • Ruby-lang Ruby 1.8.2 Preview 2
    cpe:2.3:a:ruby-lang:ruby:1.8.2:preview2
  • Ruby-lang Ruby 1.8.2 Preview 3
    cpe:2.3:a:ruby-lang:ruby:1.8.2:preview3
  • Ruby-lang Ruby 1.8.2 Preview 4
    cpe:2.3:a:ruby-lang:ruby:1.8.2:preview4
  • Ruby-lang Ruby 1.8.3
    cpe:2.3:a:ruby-lang:ruby:1.8.3
  • Ruby-lang Ruby 1.8.3 Preview 1
    cpe:2.3:a:ruby-lang:ruby:1.8.3:preview1
  • Ruby-lang Ruby 1.8.3 Preview 2
    cpe:2.3:a:ruby-lang:ruby:1.8.3:preview2
  • Ruby-lang Ruby 1.8.3 Preview 3
    cpe:2.3:a:ruby-lang:ruby:1.8.3:preview3
  • Ruby-lang Ruby 1.8.4
    cpe:2.3:a:ruby-lang:ruby:1.8.4
  • Ruby-lang Ruby 1.8.4 Preview 1
    cpe:2.3:a:ruby-lang:ruby:1.8.4:preview1
  • Ruby-lang Ruby 1.8.4 Preview 2
    cpe:2.3:a:ruby-lang:ruby:1.8.4:preview2
  • cpe:2.3:a:ruby-lang:ruby:1.8.4:preview3
  • Ruby-lang Ruby 1.8.5
    cpe:2.3:a:ruby-lang:ruby:1.8.5
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p11
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p113
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p114
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p115
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p12
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p2
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p231
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p35
  • cpe:2.3:a:ruby-lang:ruby:1.8.5:p52
  • Ruby-lang Ruby 1.8.5 Preview 1
    cpe:2.3:a:ruby-lang:ruby:1.8.5:preview1
  • Ruby-lang Ruby 1.8.5 Preview 2
    cpe:2.3:a:ruby-lang:ruby:1.8.5:preview2
  • Ruby-lang Ruby 1.8.5 Preview 3
    cpe:2.3:a:ruby-lang:ruby:1.8.5:preview3
  • Ruby-lang Ruby 1.8.5 Preview 4
    cpe:2.3:a:ruby-lang:ruby:1.8.5:preview4
  • Ruby-lang Ruby 1.8.5 Preview 5
    cpe:2.3:a:ruby-lang:ruby:1.8.5:preview5
  • Ruby-lang Ruby 1.8.6
    cpe:2.3:a:ruby-lang:ruby:1.8.6
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p111
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p114
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p230
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p286
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p36
  • Ruby-lang Ruby 1.8.6 Preview 1
    cpe:2.3:a:ruby-lang:ruby:1.8.6:preview1
  • Ruby-lang Ruby 1.8.6 Preview 2
    cpe:2.3:a:ruby-lang:ruby:1.8.6:preview2
  • Ruby-lang Ruby 1.8.6 Preview 3
    cpe:2.3:a:ruby-lang:ruby:1.8.6:preview3
  • ruby-lang Ruby 1.8.7
    cpe:2.3:a:ruby-lang:ruby:1.8.7
  • ruby-lang Ruby 1.8.7-p17
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  • ruby-lang Ruby 1.8.7-p22
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  • ruby-lang Ruby 1.8.7-p71
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
  • ruby-lang Ruby 1.8.7-preview1
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  • ruby-lang Ruby 1.8.7-preview2
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  • ruby-lang Ruby 1.8.7-preview3
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  • ruby-lang Ruby 1.8.7-preview4
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
  • ruby-lang Ruby 1.9.0
    cpe:2.3:a:ruby-lang:ruby:1.9.0
  • cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423
CVSS
Base: 5.0 (as of 15-08-2008 - 12:18)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
exploit-db via4
description Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit. CVE-2008-3443. Dos exploits for multiple platform
file exploits/multiple/dos/6239.txt
id EDB-ID:6239
last seen 2016-02-01
modified 2008-08-13
platform multiple
port
published 2008-08-13
reporter laurent gaffié
source https://www.exploit-db.com/download/6239/
title Ruby <= 1.9 regex engine Remote Socket Memory Leak Exploit
type dos
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1695.NASL
    description The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). In addition, this security update addresses a regression in the REXML XML parser of the ruby1.8 package; the regression was introduced in DSA-1651-1.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35294
    published 2009-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35294
    title Debian DSA-1695-1 : ruby1.8, ruby1.9 - memory leak
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0896.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34462
    published 2008-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34462
    title CentOS 3 : ruby (CESA-2008:0896)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0895.NASL
    description Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34464
    published 2008-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34464
    title RHEL 2.1 : ruby (RHSA-2008:0895)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0896.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34465
    published 2008-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34465
    title RHEL 3 : ruby (RHSA-2008:0896)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-691-1.NASL
    description Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) This update also fixes a regression in the upstream patch previously applied to fix CVE-2008-3790. The regression would cause parsing of some XML documents to fail. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37474
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37474
    title Ubuntu 8.10 : ruby1.9 vulnerability (USN-691-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0896.NASL
    description From Red Hat Security Advisory 2008:0896 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67751
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67751
    title Oracle Linux 3 : ruby (ELSA-2008-0896)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-8736.NASL
    description Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing 'taintness' checks in dl module - CVE-2008-3905 - resolv.rb adds random transactions ids and source ports to prevent DNS spoofing attacks http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ - CVE-2008-3790 - DoS in the REXML module One issue not covered by any upstream advisory: - CVE-2008-3443 - DoS in the regular expression engine Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 34379
    published 2008-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34379
    title Fedora 8 : ruby-1.8.6.287-2.fc8 (2008-8736)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_7.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 38744
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38744
    title Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0897.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 34502
    published 2008-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34502
    title CentOS 4 / 5 : ruby (CESA-2008:0897)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_RUBY-090703.NASL
    description This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40306
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40306
    title openSUSE Security Update : ruby (ruby-1070)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12452.NASL
    description This update for ruby fixes the following security issues : - Improve return value checks for OpenSSL function OCSP_basic_verify() to refuse usage of revoked certificates. (CVE-2009-0642) - Increase entropy of DNS identifiers to avoid spoofing attacks. (CVE-2008-3905) - Fix denial of service (DoS) vulnerability while parsing XML data. (CVE-2008-3790) - Fix possible attack on algorithm complexity in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests or by using the regex engine to cause high CPU load. (CVE-2008-3656, CVE-2008-3443) - Improve ruby's access restriction code. (CVE-2008-3655) - Improve safe-level handling using function DL.dlopen(). (CVE-2008-3657) - Improve big decimal handling. (CVE-2009-1904) - Disable bypassing of HTTP basic authentication (authenticate_with_http_digest).
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41312
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41312
    title SuSE9 Security Update : ruby (YOU Patch Number 12452)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2008-0897.NASL
    description From Red Hat Security Advisory 2008:0897 : Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67752
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67752
    title Oracle Linux 4 / 5 : ruby (ELSA-2008-0897)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20081021_RUBY_ON_SL3_X.NASL
    description The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60485
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60485
    title Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-226.NASL
    description A denial of service condition was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash (CVE-2008-3443). A number of flaws were found in Ruby that could allow an attacker to create a carefully crafted script that could allow for the bypass of certain safe-level restrictions (CVE-2008-3655). A denial of service vulnerability was found in Ruby's HTTP server toolkit, WEBrick. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause it to use an excessive amount of CPU time (CVE-2008-3656). An insufficient taintness check issue was found in Ruby's DL module, a module that provides direct access to the C language functions. This flaw could be used by an attacker to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted input (CVE-2008-3657). A denial of service condition in Ruby's XML document parsing module (REXML) could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory via XML documents with large XML entity definitions recursion (CVE-2008-3790). The Ruby DNS resolver library used predictable transaction IDs and a fixed source port when sending DNS requests. This could be used by a remote attacker to spoof a malicious reply to a DNS query (CVE-2008-3905). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 38018
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38018
    title Mandriva Linux Security Advisory : ruby (MDVSA-2008:226)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0897.NASL
    description Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790) An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657) A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 34466
    published 2008-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34466
    title RHEL 4 / 5 : ruby (RHSA-2008:0897)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-6339.NASL
    description This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 42032
    published 2009-10-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42032
    title openSUSE 10 Security Update : ruby (ruby-6339)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_RUBY-090703.NASL
    description This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40122
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40122
    title openSUSE Security Update : ruby (ruby-1070)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-8738.NASL
    description Update to new upstream release fixing multiple security issues detailed in the upstream advisories: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ - CVE-2008-3655 - multiple insufficient safe mode restrictions - CVE-2008-3656 - WEBrick DoS vulnerability (CPU consumption) - CVE-2008-3657 - missing 'taintness' checks in dl module - CVE-2008-3905 - resolv.rb adds random transactions ids and source ports to prevent DNS spoofing attacks http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/ - CVE-2008-3790 - DoS in the REXML module One issue not covered by any upstream advisory: - CVE-2008-3443 - DoS in the regular expression engine Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 34380
    published 2008-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=34380
    title Fedora 9 : ruby-1.8.6.287-2.fc9 (2008-8738)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_RUBY-090703.NASL
    description This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug. (CVE-2008-3790) An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41452
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41452
    title SuSE 11 Security Update : ruby (SAT Patch Number 1073)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-651-1.NASL
    description Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2376) Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service. (CVE-2008-3443) Keita Yamaguchi discovered several safe level vulnerabilities in Ruby. An attacker could use this to bypass intended access restrictions. (CVE-2008-3655) Keita Yamaguchi discovered that WEBrick in Ruby did not properly validate paths ending with '.'. A remote attacker could send a crafted HTTP request and cause a denial of service. (CVE-2008-3656) Keita Yamaguchi discovered that the dl module in Ruby did not check the taintness of inputs. An attacker could exploit this vulnerability to bypass safe levels and execute dangerous functions. (CVE-2008-3657) Luka Treiber and Mitja Kolsek discovered that REXML in Ruby did not always use expansion limits when processing XML documents. If a user or automated system were tricked into opening a crafted XML file, an attacker could cause a denial of service via CPU consumption. (CVE-2008-3790) Jan Lieskovsky discovered several flaws in the name resolver of Ruby. A remote attacker could exploit this to spoof DNS entries, which could lead to misdirected traffic. This is a different vulnerability from CVE-2008-1447. (CVE-2008-3905). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 37068
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37068
    title Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-651-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-6338.NASL
    description This ruby update improves return value checks for openssl function OCSP_basic_verify() (CVE-2009-0642) which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of service bug (CVE-2008-3790). An attack on algorithm complexity was possible in function WEBrick::HTTP::DefaultFileHandler() while parsing HTTP requests (CVE-2008-3656) as well as by using the regex engine (CVE-2008-3443) causing high CPU load. Ruby's access restriction code (CVE-2008-3655) as well as safe-level handling using function DL.dlopen() (CVE-2008-3657) and big decimal handling (CVE-2009-1904) was improved. Bypassing HTTP basic authentication (authenticate_with_http_digest) is not possible anymore.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 51760
    published 2011-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51760
    title SuSE 10 Security Update : ruby (ZYPP Patch Number 6338)
oval via4
accepted 2013-04-29T04:20:20.886-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
family unix
id oval:org.mitre.oval:def:9570
status accepted
submitted 2010-07-09T03:56:16-04:00
title The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
version 24
redhat via4
advisories
  • rhsa
    id RHSA-2008:0895
  • rhsa
    id RHSA-2008:0897
rpms
  • irb-0:1.6.8-13.el3
  • ruby-0:1.6.8-13.el3
  • ruby-devel-0:1.6.8-13.el3
  • ruby-docs-0:1.6.8-13.el3
  • ruby-libs-0:1.6.8-13.el3
  • ruby-mode-0:1.6.8-13.el3
  • ruby-tcltk-0:1.6.8-13.el3
  • irb-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.1-7.el4_7.1
  • ruby-devel-0:1.8.1-7.el4_7.1
  • ruby-docs-0:1.8.1-7.el4_7.1
  • ruby-libs-0:1.8.1-7.el4_7.1
  • ruby-mode-0:1.8.1-7.el4_7.1
  • ruby-tcltk-0:1.8.1-7.el4_7.1
  • ruby-0:1.8.5-5.el5_2.5
  • ruby-devel-0:1.8.5-5.el5_2.5
  • ruby-docs-0:1.8.5-5.el5_2.5
  • ruby-irb-0:1.8.5-5.el5_2.5
  • ruby-libs-0:1.8.5-5.el5_2.5
  • ruby-mode-0:1.8.5-5.el5_2.5
  • ruby-rdoc-0:1.8.5-5.el5_2.5
  • ruby-ri-0:1.8.5-5.el5_2.5
  • ruby-tcltk-0:1.8.5-5.el5_2.5
refmap via4
apple APPLE-SA-2009-05-12
bid 30682
cert TA09-133A
confirm
debian DSA-1695
exploit-db 6239
fedora
  • FEDORA-2008-8736
  • FEDORA-2008-8738
sectrack 1021075
secunia
  • 31430
  • 32165
  • 32219
  • 32371
  • 32372
  • 33185
  • 33398
  • 35074
sreason 4158
ubuntu
  • USN-651-1
  • USN-691-1
vupen ADV-2009-1297
xf ruby-regex-dos(44688)
Last major update 21-08-2010 - 01:22
Published 14-08-2008 - 19:41
Last modified 03-10-2018 - 17:55