Bug 572958 (CVE-2016-0752) - <dev-ruby/actionview-4.{1.15,2.6},: Possible Information Leak Vulnerability
Status: RESOLVED FIXED
Alias: CVE-2016-0752
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: ~4 [noglsa]
Reported: 2016-01-26 09:02 UTC by Agostino Sarubbo
Modified: 2016-06-05 12:36 UTC

Description Agostino Sarubbo gentoo-dev 2016-01-26 09:02:55 UTC
From ${URL} :

Possible Information Leak Vulnerability in Action View

There is a possible directory traversal and information leak vulnerability in
Action View. This vulnerability has been assigned the CVE identifier
CVE-2016-0752.

Versions Affected:  All.
Not affected:       None.
Fixed Versions:     5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1

Impact
------
Applications that pass unverified user input to the `render` method in a
controller may be vulnerable to an information leak vulnerability.

Impacted code will look something like this:

```ruby
def index
  render params[:id]
end
```

Carefully crafted requests can cause the above code to render files from
unexpected places like outside the application's view directory, and can
possibly escalate this to a remote code execution attack.



@maintainer(s): since the fixed version is already in the tree, please remove the affected versions.
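
One way to harden the `render params[:id]` pattern quoted above, as an added example that is not part of the advisory, the upstream patch, or the Gentoo ebuilds. The view root, the page allowlist and the helper names `template_for`, `under_view_root?` and `resolve_render_target` are assumptions made for illustration.

```ruby
require "pathname"

# Constructed values for this example (assumptions, not from the advisory).
VIEW_ROOT = Pathname.new("/srv/app/app/views")
ALLOWED_PAGES = %w[about contact faq].freeze

# Hypothetical helper: translate a request parameter into a template name.
# Only exact matches from a fixed allowlist are accepted; anything else
# (unknown names, path fragments, non-String values) yields nil.
def template_for(param)
  return nil unless param.is_a?(String) # nested params arrive as Hash/Array
  ALLOWED_PAGES.include?(param) ? "pages/#{param}" : nil
end

# Second, independent check: after lexical resolution of "." and ".."
# segments, the path must still sit below the view root.
def under_view_root?(template)
  return false unless template.is_a?(String)
  resolved = VIEW_ROOT.join(template).cleanpath
  resolved.to_s.start_with?("#{VIEW_ROOT}/")
end

# Combined decision: a template name to render, or nil to refuse.
def resolve_render_target(param)
  template = template_for(param)
  template if template && under_view_root?(template)
end

# In a Rails controller this would replace `render params[:id]`:
#
#   def index
#     template = resolve_render_target(params[:id])
#     return head :not_found unless template
#     render template: template
#   end
```

The allowlist is the primary control; the path check is there so that a later change to the allowlist cannot silently reintroduce rendering from outside the view directory.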
Comment 1 Hans de Graaff gentoo-dev 2016-02-07 17:53:11 UTC
Vulnerable versions for Rails 3.2, 4.1, and 4.2 have been removed.
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-05 12:23:34 UTC
Cleanup complete per previous comments.