There is an unsafe tainted string usage vulnerability in Fiddle and DL. This vulnerability has been assigned the CVE identifier CVE-2015-7551.
There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi.
As for DL, CVE-2009-5147 was fixed only on the Ruby 1.9.1 branch and never on the other branches, so every Ruby that bundles DL other than 1.9.1 is still vulnerable.
Impacted code looks something like this:

```ruby
handle = Fiddle::Handle.new(dangerous_user_input)
```

Or:

```ruby
handle = Fiddle::Handle.new(some_library)
function_pointer = handle[dangerous_user_input]
```
All users running an affected release should either upgrade or use one of the work arounds immediately.
If you cannot upgrade, the following monkey patch can be applied as a workaround for Fiddle:

```ruby
class Fiddle::Handle
  alias :old_initialize :initialize

  # Refuse to dlopen a library whose path came from tainted (untrusted)
  # input while running under a $SAFE level.
  def initialize file, *args
    raise SecurityError if file.tainted? && $SAFE > 0
    old_initialize file, *args
  end

  alias :old_call :[]

  # Refuse to look up a symbol whose name came from tainted input.
  def [] fun
    raise SecurityError if fun.tainted? && $SAFE > 0
    old_call fun
  end

  # Handle#sym performs the same lookup as Handle#[]; alias it after the
  # redefinition so that both entry points get the check.
  alias :sym :[]
end
```
If you are using DL, switch to Fiddle instead.
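As an added example (not part of the advisory and not Ruby's own code): an allowlist placed in front of the two calls shown above, for deployments where $SAFE/taint tracking is unavailable or not in use. The SafeFiddle module, its ALLOWED_LIBRARIES table and the Rejected error class are assumptions made for this example.

```ruby
# Added example: validate untrusted input before it reaches Fiddle::Handle.new
# or Handle#[] / #sym, instead of relying on taint tracking.
module SafeFiddle
  # Only libraries the application actually needs may be opened.
  # Constructed example table; a real application lists its own libraries.
  ALLOWED_LIBRARIES = {
    "libc"      => "libc.so.6",
    "libcrypto" => "libcrypto.so.3",
  }.freeze

  # A C symbol name: identifier characters only, no separators or NULs.
  SYMBOL_RE = /\A[A-Za-z_][A-Za-z0-9_]{0,255}\z/.freeze

  class Rejected < SecurityError; end

  # Map an untrusted logical name to a vetted library path; the raw input is
  # never handed to dlopen.
  def self.library_path(name)
    path = ALLOWED_LIBRARIES[name.to_s]
    raise Rejected, "library not allowed: #{name.inspect}" unless path
    path
  end

  # Validate an untrusted symbol name before it reaches Handle#[] / #sym.
  def self.symbol_name(name)
    s = name.to_s
    raise Rejected, "bad symbol name: #{s.inspect}" unless SYMBOL_RE.match?(s)
    s
  end

  # Wraps the two calls from the advisory; Fiddle is loaded only here.
  def self.lookup(lib_name, sym)
    require "fiddle"
    handle = Fiddle::Handle.new(library_path(lib_name))
    handle[symbol_name(sym)]
  end
end
```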
Thanks to Christian Hofstaedtler ze...@debian.org for reporting this issue!
Posted by usa on 16 Dec 2015