Re: How to reproduce: CVE-2013-1854 Symbol DoS vulnerability in Active Record

[Frederick Cheung]

On Tuesday, April 30, 2013 10:10:20 AM UTC+1, Farukh D.M wrote:

Hey,

I need to find out the impact of vulnerability: CVE-2013-1854 Symbol DoS vulnerability in Active Record

Is there a way I can test my application with DoS attack by doing some manual code or something like that.

On rails console, I tried to do something like:

User.where(:email => {:email => 'test'})

> SELECT `users`.* FROM `users` WHERE `email`.`email` = 'test'

it gave "ActiveRecord::StatementInvalid:" exception.

How would requests like this lead to DoS attack. Its just like any other invalid sql.

The vulnerability is that (depending on how you use activerecord), an attacker can cause arbitrary strings to be turned into symbols. Ruby never garbage collects symbols, so this can be used to exhaust all the memory available to your application.

Fred

 

Also, How can I reproduce the vulnerability mentioned on http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/

Please help me out with the reference to example(s) causing mentioned vulnerabilities.

Thanks

[Farukh D.M]

Wow, that is one hell of an eye opener.

Thanks very much for the reply.

I appreciate very much.

Regards

Farukh D M

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-ta...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/7Yhg2zp4DgAJ.

For more options, visit https://groups.google.com/groups/opt_out.