The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ruby | Ruby-lang | 1.9.3 (including) | 1.9.3 (including) |
| Ruby | Ruby-lang | 2.0.0 (including) | 2.0.0 (including) |
| Red Hat Enterprise Linux 5 | RedHat | ruby-0:1.8.5-27.el5 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | graphviz-0:2.26.0-10.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-console-0:0.0.16-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-broker-0:1.0.11-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-broker-util-0:1.0.15-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | php-0:5.3.3-22.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-ruby-0:1.9.3.327-25.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-actionpack-1:3.2.8-3.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-activemodel-0:3.2.8-2.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-activerecord-1:3.2.8-3.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-railties-0:3.2.8-2.el6 | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-actionpack-1:3.0.13-4.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-activemodel-0:3.0.13-3.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-activerecord-1:3.0.13-5.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-bson-0:1.8.1-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-mongo-0:1.8.1-2.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-console-0:1.0.10-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-controller-0:1.0.12-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-openshift-origin-node-0:1.0.11-1.el6op | * |
| RHEL 6 Version of OpenShift Enterprise | RedHat | rubygem-ruby_parser-0:2.0.4-6.el6op | * |
| Ruby1.8 | Ubuntu | hardy | * |
| Ruby1.9 | Ubuntu | hardy | * |
| Ruby1.9 | Ubuntu | upstream | * |
| Ruby1.9.1 | Ubuntu | devel | * |
| Ruby1.9.1 | Ubuntu | precise | * |
| Ruby1.9.1 | Ubuntu | quantal | * |
| Ruby1.9.1 | Ubuntu | upstream | * |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
- http://rhn.redhat.com/errata/RHSA-2013-0129.html
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision\u0026revision=37163
- http://www.openwall.com/lists/oss-security/2012/10/12/6
- http://www.openwall.com/lists/oss-security/2012/10/13/1
- http://www.openwall.com/lists/oss-security/2012/10/16/1
- http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
- http://rhn.redhat.com/errata/RHSA-2013-0129.html
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision\u0026revision=37163
- http://www.openwall.com/lists/oss-security/2012/10/12/6
- http://www.openwall.com/lists/oss-security/2012/10/13/1
- http://www.openwall.com/lists/oss-security/2012/10/16/1
- http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/