DoS Vulnerability in Ruby -- Update your rails code


amit

Jun 10, 2009, 6:41:40 AM
to rubygems
Hi All,


A Denial of Service vulnerability has been found and fixed in ruby.
The vulnerability is due to the BigDecimal method mishandling certain
large input values and can cause the interpreter to crash. This could
be used by an attacker to crash any ruby program which creates
BigDecimal objects based on user input, including almost every Rails
application. This vulnerability has been assigned the CVE name
CVE-2009-1904.

Two ways to fix this:

Update code,
or add the patch bigdecimal-segfault-fix.rb to config/initializers of your Rails
application.



For more, read the article:



http://weblog.rubyonrails.org/2009/6/10/dos-vulnerability-in-ruby

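Added example (not part of the thread, and not the bigdecimal-segfault-fix.rb patch linked above): one way to keep attacker-controlled strings away from the vulnerable BigDecimal parser while you wait to upgrade Ruby. The module, its limits (MAX_LENGTH, MAX_EXPONENT) and the sample inputs are all assumptions of this example, not values from the advisory; the real fix is the Ruby upgrade.

```ruby
require 'bigdecimal'

# Hypothetical input guard for untrusted numeric strings (added example;
# this is NOT the bigdecimal-segfault-fix.rb patch from the Rails advisory).
# It rejects oversized or exotic input before BigDecimal() ever parses it,
# so a hostile value raises an ArgumentError you can rescue instead of
# reaching the vulnerable native code. Upgrading Ruby remains the real fix;
# this only narrows what user input can reach BigDecimal.
module SafeBigDecimal
  class RejectedInput < ArgumentError; end

  # Assumed limits: tune to the largest values your application legitimately
  # accepts. Money and quantities rarely need more than a few dozen digits.
  MAX_LENGTH   = 64      # bytes of input accepted
  MAX_EXPONENT = 1_000   # absolute value of a scientific-notation exponent

  # Plain decimal literal: optional sign, digits, optional fraction,
  # optional exponent. Deliberately excludes hex, underscores, "Infinity",
  # "NaN" and anything else BigDecimal() might otherwise interpret.
  NUMERIC_RE = /\A[+-]?\d+(?:\.\d+)?(?:[eE]([+-]?\d+))?\z/

  # Parse +str+ into a BigDecimal, or raise RejectedInput.
  def self.parse(str)
    s = str.to_s.strip
    if s.bytesize > MAX_LENGTH
      raise RejectedInput, "input too long (#{s.bytesize} bytes, max #{MAX_LENGTH})"
    end
    m = NUMERIC_RE.match(s)
    raise RejectedInput, "not a plain decimal literal: #{s.inspect}" unless m
    if m[1] && m[1].to_i.abs > MAX_EXPONENT
      raise RejectedInput, "exponent #{m[1]} exceeds +/-#{MAX_EXPONENT}"
    end
    BigDecimal(s)
  end

  # True if +str+ passes the guard, false otherwise. Handy in validations.
  def self.accepts?(str)
    parse(str)
    true
  rescue RejectedInput
    false
  end
end

if __FILE__ == $0
  # Constructed sample inputs: the first two are ordinary form values, the
  # rest are the kinds of strings an attacker might submit.
  samples = ["12.50", "1.5e-3", "1e9999999999", "9" * 200, "0x1f", "Infinity"]
  samples.each do |s|
    shown = s.length > 20 ? "#{s[0, 17]}..." : s
    begin
      puts "#{shown.ljust(20)} -> #{SafeBigDecimal.parse(s)}"
    rescue SafeBigDecimal::RejectedInput => e
      puts "#{shown.ljust(20)} -> rejected: #{e.message}"
    end
  end
end
```

In a Rails app this belongs at the boundary where params become numbers (a model validation or a form object), not in an initializer: unlike the linked patch, it does not monkey-patch BigDecimal itself, so any code path that still calls BigDecimal() directly on raw input is not covered.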
Pavan Agrawal

Jun 11, 2009, 2:07:27 AM
to ruby...@googlegroups.com
Thanks a lot Amit, really interesting information.

Regards,
Pavan Agrawal