Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
Weakness
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rails | Rubyonrails | 3.0.0 (including) | 3.2.15 (excluding) |
| CloudForms Management Engine 5.4 | RedHat | cfme-0:5.4.0.5-1.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | cfme-gemset-0:5.4.0.5-1.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | cfme-vnc-plugin-0:1.0.0-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | libdnet-0:1.12-11.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | lshw-0:B.02.16-4.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | netapp-manageability-sdk-0:4.0P1-3.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | open-vm-tools-0:9.2.3-5.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | prince-0:9.0r2-4.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | pyliblzma-0:0.5.3-7.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-bcrypt-ruby-0:3.0.1-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-eventmachine-0:1.0.7-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-ffi-0:1.9.8-1.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-io-extra-0:1.2.8-1.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-json-0:1.8.2-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-nokogiri-0:1.5.11-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-pg-0:0.12.2-9.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-psych-0:2.0.13-1.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-qpid_messaging-0:0.20.2-5.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-therubyracer-0:0.11.0-5.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | ruby200-rubygem-thin-0:1.3.1-9.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | sneakernet_ca-0:0.1-2.el6cf | * |
| CloudForms Management Engine 5.4 | RedHat | wmi-0:1.3.14-1.el6cf | * |
| Rails | Ubuntu | upstream | * |
| Ruby-actionmailer-3.2 | Ubuntu | quantal | * |
| Ruby-actionmailer-3.2 | Ubuntu | raring | * |
| Ruby-actionmailer-3.2 | Ubuntu | saucy | * |
| Ruby-actionmailer-3.2 | Ubuntu | upstream | * |
| Ruby-actionpack-2.3 | Ubuntu | upstream | * |
| Ruby-activerecord-2.3 | Ubuntu | upstream | * |
| Ruby-activesupport-2.3 | Ubuntu | upstream | * |
| Ruby-rails-2.3 | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
References
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
- http://www.debian.org/security/2014/dsa-2887
- http://www.debian.org/security/2014/dsa-2888
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00094.html
- http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html
- http://www.debian.org/security/2014/dsa-2887
- http://www.debian.org/security/2014/dsa-2888
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/yvlR1Vx44c8/elKJkpO2KVgJ