The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier that begins with a "-" instead of "--" and contains an inconsistent ID.

From Red Hat Security Advisory 2006:0729 :

Updated ruby packages that fix a denial of service issue for the CGI instance are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.
(CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

Updated ruby packages that fix security issues are now available. 

This update has been rated as having moderate security impact by the Red Hat Security Response Team. 

Ruby is an interpreted scripting language for object-oriented programming. 

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues. 


From Red Hat Security Advisory 2006:0604 :

A number of flaws were found in the safe-level restrictions in Ruby.  It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694)


From Red Hat Security Advisory 2006:0729 :

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data.  If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Updated ruby packages that fix a denial of service issue for the CGI instance are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service.
(CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

A denial of service problem in the CGI multipart parsing of 'ruby' was fixed, which could have allowed remote attackers to affect a denial of service attack against ruby based webservices. (CVE-2006-5467)

An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. 

This update fixes security flaws in the following applications :

Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN

The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.

Updated packages have been patched to correct this issue.

A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.

The remote host is affected by the vulnerability described in GLSA-200611-12 (Ruby: Denial of Service vulnerability)

    Zed Shaw, Jeremy Kemper, and Jamis Buck of the Mongrel project reported     that the CGI library shipped with Ruby is vulnerable to a remote Denial     of Service by an unauthenticated user.
  Impact :

    The vulnerability can be exploited by sending the cgi.rb library an     HTTP request with multipart MIME encoding that contains a malformed     MIME boundary specifier beginning with '-' instead of '--'. Successful     exploitation of the vulnerability causes the library to go into an     infinite loop waiting for additional nonexistent input.
  Workaround :

    There is no known workaround at this time.

Official ruby site reports :

A vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and as an invalid boundary specifier that begins with '-' instead of '--'.
Once triggered it will exhaust all available memory resources effectively creating a DoS condition.

ID	Name	Product	Family	Severity
67420	Oracle Linux 3 : ruby (ELSA-2006-0729)	Nessus	Oracle Linux Local Security Checks	medium
67399	Oracle Linux 3 / 4 : ruby (ELSA-2006-0604 / ELSA-2006-0729)	Nessus	Oracle Linux Local Security Checks	medium
37153	CentOS 3 / 4 : ruby (CESA-2006:0729)	Nessus	CentOS Local Security Checks	medium
29571	SuSE 10 Security Update : ruby (ZYPP Patch Number 2224)	Nessus	SuSE Local Security Checks	medium
27952	Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)	Nessus	Ubuntu Local Security Checks	medium
27422	openSUSE 10 Security Update : ruby (ruby-2219)	Nessus	SuSE Local Security Checks	medium
25297	Mac OS X Multiple Vulnerabilities (Security Update 2007-005)	Nessus	MacOS X Local Security Checks	critical
24577	Mandrake Linux Security Advisory : ruby (MDKSA-2006:192)	Nessus	Mandriva Local Security Checks	medium
23848	Debian DSA-1235-1 : ruby1.8 - denial of service	Nessus	Debian Local Security Checks	medium
23847	Debian DSA-1234-1 : ruby1.6 - denial of service	Nessus	Debian Local Security Checks	medium
23706	GLSA-200611-12 : Ruby: Denial of Service vulnerability	Nessus	Gentoo Local Security Checks	medium
23679	RHEL 2.1 / 3 / 4 : ruby (RHSA-2006:0729)	Nessus	Red Hat Local Security Checks	medium
22938	FreeBSD : ruby -- cgi.rb library Denial of Service (ab8dbe98-6be4-11db-ae91-0012f06707f0)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2006-5467

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

critical

medium

medium

medium

medium

medium

medium