Description
Multiple vulnerabilities have been identified in Ruby, which could be exploited by remote attackers to bypass security restrictions and disclose sensitive information. These issues are caused by input validation errors in the WEBrick library when publishing files using "WEBrick::HTTPServlet::FileHandler" or "WEBrick::HTTPServer.new" with the ":DocumentRoot" option, which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files.
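The containment check a file-serving handler needs for its document root, as an added Ruby example (not WEBrick's code and not the patch referenced here): a naive path join beside a mapping that refuses any request resolving outside the root. The helper names, the sample tree and the request paths are constructed for illustration, and treating a backslash as a path separator is an assumption made to be conservative.

```ruby
require "tmpdir"
require "fileutils"

# Decode %XX escapes; the caller checks the result for valid UTF-8.
def percent_decode(path)
  path.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }.force_encoding(Encoding::UTF_8)
end

# Naive mapping (the vulnerable pattern): join and trust the result.
def naive_resolve(doc_root, request_path)
  File.join(doc_root, percent_decode(request_path))
end

# Hardened mapping: absolute path inside doc_root, or nil when the request escapes it.
def safe_resolve(doc_root, request_path)
  decoded = percent_decode(request_path)
  return nil if !decoded.valid_encoding? || decoded.include?("\0")
  # Assumption: treat "\" as a separator too, since some platforms accept it.
  relative = decoded.tr("\\", "/")
  root = File.realpath(doc_root)
  # Joining onto the root first keeps a leading "~" from being expanded.
  candidate = File.expand_path(File.join(root, relative))
  candidate = File.realpath(candidate) if File.exist?(candidate) # resolve symlinks
  # Compare with a trailing separator so "public_backup" does not match "public".
  inside = candidate == root || candidate.start_with?(root + File::SEPARATOR)
  inside ? candidate : nil
end

# Constructed sample tree and request paths (not taken from the advisory).
def demo
  Dir.mktmpdir do |tmp|
    root = File.join(tmp, "public")
    FileUtils.mkdir_p([root, File.join(tmp, "public_backup")])
    File.write(File.join(root, "index.html"), "hello")
    File.write(File.join(tmp, "secret.txt"), "s3cret")
    File.write(File.join(tmp, "public_backup", "old.txt"), "old")
    requests = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
                "/..%5csecret.txt", "/../public_backup/old.txt"]
    requests.to_h { |r| [r, safe_resolve(root, r)] }
  end
end

if $PROGRAM_NAME == __FILE__
  demo.each { |req, path| puts "#{req.ljust(28)} -> #{path ? 'serve' : 'reject'}" }
end
```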
Vulnerable Products
Vulnerable Software:
Ruby version 1.8.4 and prior
Ruby version 1.8.5-p114 and prior
Ruby version 1.8.6-p113 and prior
Ruby version 1.9.0-1 and prior
Solution
Upgrade to Ruby version 1.8.5-p115 or 1.8.6-p114: ftp://ftp.ruby-lang.org/pub/ruby/1.8/
Apply patch for Ruby 1.9.x: ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-1-webrick-vulnerability-fix.diff
CVE
CVE-2008-1145
References
http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
Vulnerability Manager Detection
No
IPS Protection