Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 355439 (CVE-2011-1004) - <dev-lang/ruby-{1.8.7_p331, 1.9.2_p137}: Multiple vulnerabilities (CVE-2011-{1004,1005})
Summary: <dev-lang/ruby-{1.8.7_p331, 1.9.2_p137}: Multiple vulnerabilities (CVE-2011-{...
Status: RESOLVED FIXED
Alias: CVE-2011-1004
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.ruby-lang.org/en/news/2011...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-18 14:50 UTC by Hans de Graaff
Modified: 2014-12-13 19:23 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hans de Graaff gentoo-dev 2011-02-18 14:50:44 UTC
A symlink race condition vulnerability was found in FileUtils.remove_entry_secure. The vulnerability allows local users to delete arbitrary files and directories.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-02-18 15:27:27 UTC
Second issue (1.8 only):
Exception methods can bypass $SAFE
Exception#to_s method can be used to trick $SAFE check, which makes a untrusted codes to modify arbitrary strings. 

I'll see to bump at least 1.8.7 (in stable) tonight
Comment 2 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-02-19 13:51:24 UTC
Arches, please test and mark stable:
=dev-lang/ruby-1.8.7_p334
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2011-02-19 16:38:31 UTC
Stable for HPPA.
Comment 4 Agostino Sarubbo gentoo-dev 2011-02-19 17:14:00 UTC
amd64 works!
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2011-02-19 17:44:42 UTC
amd64 done. Thanks Agostino
Comment 6 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-02-20 11:04:17 UTC
ppc/ppc64 stable
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-20 12:09:22 UTC
x86 stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-02-22 04:52:29 UTC
CVE assignment per http://www.openwall.com/lists/oss-security/2011/02/21/5:

(In reply to comment #0)
> A symlink race condition vulnerability was found in
> FileUtils.remove_entry_secure. The vulnerability allows local users to delete
> arbitrary files and directories.
> 

CVE-2011-1004

(In reply to comment #1)
> Second issue (1.8 only):
> Exception methods can bypass $SAFE
> Exception#to_s method can be used to trick $SAFE check, which makes a untrusted
> codes to modify arbitrary strings. 
> 

CVE-2011-1005

Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-02-26 16:51:04 UTC
alpha/arm/ia64/s390/sh stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-02-26 19:42:41 UTC
Thanks, everyone. GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 23:00:20 UTC
CVE-2011-1005 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1005):
  The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through
  1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings
  via the Exception#to_s method, as demonstrated by changing an intended
  pathname.

CVE-2011-1004 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1004):
  The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420,
  1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through
  1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a
  symlink attack.
Comment 12 GLSAMaker/CVETool Bot gentoo-dev 2014-12-13 19:23:09 UTC
This issue was resolved and addressed in
 GLSA 201412-27 at http://security.gentoo.org/glsa/glsa-201412-27.xml
by GLSA coordinator Sean Amoss (ackle).