Ruby, Ruby, Ruby - Vulnerable, Vulnerable, Vulnerable
Multiple vulnerabilities in Ruby, reported by the Apple Product Security team, allow arbitrary code execution or denial of service. A total of five vulnerabilities have been reported, with the versions impacted being:
1.8.4 and all prior versions
1.8.5-p230 and all prior versions
1.8.6-p229 and all prior versions
1.8.7-p21 and all prior versions
1.9.0-1 and all prior versions
Upgrading to 1.8.5-p231, 1.8.6-p230, 1.8.7-p22 or 1.9.0-2 is recommended.
This is, of course, of particular interest to Apple as its Mac OS X Leopard comes complete with the Ruby on Rails web development framework.
For an in-depth examination of the vulnerabilities, head over to security guru Eric Monti at the Matasano Chargen blog, who has been dissecting the detail.
Monti says "These vulnerabilities are likely to crop up in just about any average ruby web application. And by “crop up” I mean “crop up exploitable from trivial user-specified parameters”. Unlike un-handled ruby exceptions getting raised, these bugs aren’t the fault of the programmer as much as the fault of the interpreter. Part of the unwritten “contract” with your interpreted language is that it will prevent you from letting ridiculous things happen by raising an exception."
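As an added example (not code from the news story or from the Matasano post), here is the check an admin of a Leopard box or a Rails server would want: a Ruby snippet that compares an interpreter's RUBY_VERSION and RUBY_PATCHLEVEL against the fixed releases listed above and names the upgrade target. Assumptions made here and not stated on the page: the "-N" suffix of the 1.9.0 releases is treated as patchlevel N, a build that predates the RUBY_PATCHLEVEL constant is treated as having an unknown patchlevel and therefore as vulnerable, and any release line newer than the ones the advisory names is reported as not covered by it.

```ruby
# Added example: is this Ruby interpreter inside the advisory's affected range?
# Not code from the news story or from Matasano; the version table below is
# copied from the advisory text, the handling of 1.9.0 and of unknown
# patchlevels is an assumption (see comments).

# First patchlevel carrying the fix, keyed by RUBY_VERSION string.
FIXED_PATCHLEVEL = {
  "1.8.5" => 231,
  "1.8.6" => 230,
  "1.8.7" => 22,
  "1.9.0" => 2,    # assumption: "1.9.0-2" corresponds to RUBY_PATCHLEVEL 2
}

# Release names exactly as the advisory recommends them.
RECOMMENDED_RELEASE = {
  "1.8.5" => "1.8.5-p231",
  "1.8.6" => "1.8.6-p230",
  "1.8.7" => "1.8.7-p22",
  "1.9.0" => "1.9.0-2",
}

# "1.8.6" -> [1, 8, 6] so versions compare element by element.
def version_parts(version)
  version.split(".").map { |s| s.to_i }
end

# True when version/patchlevel falls inside the affected range.
# patchlevel may be nil for builds that predate RUBY_PATCHLEVEL; an unknown
# patchlevel is treated conservatively as vulnerable.
def affected?(version, patchlevel = nil)
  # 1.8.4 and everything before it: the advisory lists every release as affected
  return true if (version_parts(version) <=> [1, 8, 5]) < 0

  fixed = FIXED_PATCHLEVEL[version]
  # Assumption: release lines newer than those named (e.g. 1.9.1) are not
  # covered by this advisory, so they are reported as not affected.
  return false if fixed.nil?

  patchlevel.nil? || patchlevel < fixed
end

# Upgrade target for a release line. Lines at or below 1.8.4 have no patched
# build of their own, so the oldest recommended release is returned for them.
def recommended_fix(version)
  return "1.8.5-p231" if (version_parts(version) <=> [1, 8, 5]) < 0
  RECOMMENDED_RELEASE[version]
end

# One-line verdict for the interpreter running this script.
def report_running_interpreter
  patch = defined?(RUBY_PATCHLEVEL) ? RUBY_PATCHLEVEL : nil
  label = "Ruby #{RUBY_VERSION} p#{patch || '?'}"
  if affected?(RUBY_VERSION, patch)
    "#{label} is affected; upgrade to #{recommended_fix(RUBY_VERSION)}"
  else
    "#{label} is not in the advisory's affected range"
  end
end

puts report_running_interpreter if __FILE__ == $0
```

Run it with each Ruby on the box (`/usr/bin/ruby` on Leopard as well as any MacPorts or source-built copy), since a patched interpreter on the PATH says nothing about the one the web server actually loads.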