The Artima Developer Community

Ruby Buzz Forum
Ruby CGI.rb DoS vulnerability

Jonathan Weiss


Jonathan Weiss is a Ruby and BSD enthusiast
Ruby CGI.rb DoS vulnerability Posted: Oct 25, 2006 3:21 PM

This post originated from an RSS feed registered with Ruby Buzz by Jonathan Weiss.
Original Post: Ruby CGI.rb DoS vulnerability
Feed Title: BlogFish
Feed URL: http://blog.innerewut.de/feed/atom.xml
Feed Description: Weblog by Jonathan Weiss about Unix, BSD, security, Programming in Ruby, Ruby on Rails and Agile Development.

There seems to be a Denial of Service vulnerability in Ruby's CGI.rb that affects all Ruby applications that use CGI for MIME parsing. That includes all Rails applications that are running on Mongrel or CGI. The only unaffected configurations are WEBrick and FastCGI. A malicious URL will cause CGI.rb to use maximum CPU in an infinite loop.

So if you are using Mongrel, hotfix your installation by using the latest pre-release, which depends on the monkey-patch to CGI.rb:

sudo gem install mongrel --source=http://mongrel.rubyforge.org/releases

If you are using CGI.rb by other means, install the hotfix gem and require it:

gem install cgi_multipart_eof_fix --source=http://mongrel.rubyforge.org/releases

More details by Zed Shaw here.
