GLSA-200711-17 : Ruby on Rails: Multiple vulnerabilities

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200711-17
(Ruby on Rails: Multiple vulnerabilities)

candlerb found that ActiveResource, when processing responses using the
Hash.from_xml() function, does not properly sanitize filenames
(CVE-2007-5380). The session management functionality allowed the
'session_id' to be set in the URL (CVE-2007-5380). BCC discovered that
the to_json() function does not properly sanitize input before
returning it to the user (CVE-2007-3227).

Impact :

Unauthenticated remote attackers could exploit these vulnerabilities to
determine the existence of files or to read the contents of arbitrary
XML files
conduct session fixation attacks and gain unauthorized
and to execute arbitrary HTML and script code in a user's
browser session in context of an affected site by enticing a user to
browse a specially crafted URL.

Workaround :

There is no known workaround at this time.

See also :

Solution :

All Ruby on Rails users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/rails-1.2.5'

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Gentoo Local Security Checks

Nessus Plugin ID: 28217 (gentoo_GLSA-200711-17.nasl)

Bugtraq ID:

CVE ID: CVE-2007-3227