Bug 296052 (CVE-2009-4124) - <dev-lang/ruby-1.9.1_p376 String#ljust, #center, #rjust Heap-based buffer overflow (CVE-2009-4124)
Status: RESOLVED FIXED
Alias: CVE-2009-4124
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.ruby-lang.org/en/news/2009...
Whiteboard: ~2 [noglsa]
Reported: 2009-12-07 07:06 UTC by Alex Legler (RETIRED)
Modified: 2010-05-01 10:36 UTC

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-12-07 07:06:59 UTC
There is a heap overflow vulnerability in String#ljust, String#center and String#rjust. This has allowed an attacker to run arbitrary code in some rare cases.

Commit/Patch:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=26038

Ruby 1.9 is currently in p.mask; stable or unstable versions of Ruby (1.8.x) are not affected.
Comment 1 Sven Schwyn (svoop) 2009-12-08 22:04:06 UTC
Just tried to version bump to p376 with the patches from p243. All tests pass but one:

#378 test_thread.rb:191:in `<top (required)>': 
   begin
     100.times do |i|
       begin
         Thread.start(Thread.current) {|u| u.raise }
         raise
       rescue
       ensure
       end
     end
   rescue
     100
   end
  #=> "" (expected "100")  [ruby-dev:31371]
FAIL 1/945 tests failed
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-12 00:58:44 UTC
CVE-2009-4124 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4124):
  Heap-based buffer overflow in the rb_str_justify function in string.c
  in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to
  execute arbitrary code via unspecified vectors involving (1)
  String#ljust, (2) String#center, or (3) String#rjust.  NOTE: some of
  these details are obtained from third party information.

Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-05-01 10:36:03 UTC
p376 is in the tree.
Masked and never stable → noglsa.