GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200711-17
(Ruby on Rails: Multiple vulnerabilities)

candlerb found that ActiveResource, when processing responses using the
Hash.from_xml() function, does not properly sanitize filenames
(CVE-2007-5380). The session management functionality allowed the
'session_id' to be set in the URL (CVE-2007-5380). BCC discovered that
the to_json() function does not properly sanitize input before
returning it to the user (CVE-2007-3227).

Impact :

Unauthenticated remote attackers could exploit these vulnerabilities to
determine the existence of files or to read the contents of arbitrary
XML files
conduct session fixation attacks and gain unauthorized
access
and to execute arbitrary HTML and script code in a user's
browser session in context of an affected site by enticing a user to
browse a specially crafted URL.

Workaround :

There is no known workaround at this time.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200711-17.xml

Solution :

All Ruby on Rails users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/rails-1.2.5'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 28217 (gentoo_GLSA-200711-17.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3227
CVE-2007-5379
CVE-2007-5380