Debian DSA-2613-1 : rails - insufficient input validation

high Nessus Plugin ID 64364

Synopsis

The remote Debian host is missing a security-related update.

Description

Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML.
Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML.

The vulnerability has been addressed by removing the YAML backend and adding the OkJson backend.

Solution

Upgrade the rails packages.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze6.

The 3.2 version of rails as found in Debian wheezy and sid is not affected by the problem.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226

https://packages.debian.org/source/squeeze/rails

https://www.debian.org/security/2013/dsa-2613

Plugin Details

Severity: High

ID: 64364

File Name: debian_DSA-2613.nasl

Version: 1.11

Type: local

Agent: unix

Published: 1/31/2013

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:6.0, p-cpe:/a:debian:debian_linux:rails

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/29/2013

Exploitable With

Metasploit (Ruby on Rails JSON Processor YAML Deserialization Code Execution)

Reference Information

CVE: CVE-2013-0333

BID: 57575

DSA: 2613