The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

From Red Hat Security Advisory 2008:0562 :

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)

Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

Users of Ruby should upgrade to these updated packages, which contain a backported patches to resolve these issues.

From Red Hat Security Advisory 2007:0961 :

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

The ruby package was updated to fix a denial of service problem in its CGI module when parsing multipart MIME messages. (CVE-2006-6303)

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. If a remote attacker sends a specially crafted request, it is possible to cause the ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net modules. The libraries were not checking the requested host name against the common name (CN) in the SSL server certificate, possibly allowing a man in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1 and 3.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)

Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP requests. A remote attacker could send a specially crafted request and cause the Ruby CGI script to enter an infinite loop, possibly causing a denial of service. (CVE-2006-6303)

Users of Ruby should upgrade to these updated packages, which contain a backported patches to resolve these issues.

An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2007-005 applied. 

This update fixes security flaws in the following applications :

Alias Manager BIND CoreGraphics crontabs fetchmail file iChat mDNSResponder PPP ruby screen texinfo VPN

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

Updated packages have been patched to correct this issue.

The remote host is affected by the vulnerability described in GLSA-200612-21 (Ruby: Denial of Service vulnerability)

    The read_multipart function of the CGI library shipped with Ruby     (cgi.rb) does not properly check boundaries in MIME multipart content.
    This is a different issue than GLSA 200611-12.
  Impact :

    The vulnerability can be exploited by sending the cgi.rb library a     crafted HTTP request with multipart MIME encoding that contains a     malformed MIME boundary specifier. Successful exploitation of the     vulnerability causes the library to go into an infinite loop.
  Workaround :

    There is no known workaround at this time.

The official ruby site reports :

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.

ID	Name	Product	Family	Severity
67717	Oracle Linux 3 : ruby (ELSA-2008-0562)	Nessus	Oracle Linux Local Security Checks	critical
67584	Oracle Linux 4 : ruby (ELSA-2007-0961)	Nessus	Oracle Linux Local Security Checks	medium
60441	Scientific Linux Security Update : ruby on SL3.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
60301	Scientific Linux Security Update : ruby on SL5.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
41118	SuSE9 Security Update : ruby (YOU Patch Number 11442)	Nessus	SuSE Local Security Checks	medium
37552	CentOS 4 : ruby (CESA-2007:0961)	Nessus	CentOS Local Security Checks	medium
33496	RHEL 2.1 / 3 : ruby (RHSA-2008:0562)	Nessus	Red Hat Local Security Checks	critical
33489	CentOS 3 : ruby (CESA-2008:0562)	Nessus	CentOS Local Security Checks	critical
29572	SuSE 10 Security Update : ruby (ZYPP Patch Number 2654)	Nessus	SuSE Local Security Checks	medium
28201	RHEL 4 : ruby (RHSA-2007:0961)	Nessus	Red Hat Local Security Checks	medium
27980	Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1)	Nessus	Ubuntu Local Security Checks	medium
27423	openSUSE 10 Security Update : ruby (ruby-2655)	Nessus	SuSE Local Security Checks	medium
25297	Mac OS X Multiple Vulnerabilities (Security Update 2007-005)	Nessus	MacOS X Local Security Checks	critical
24609	Mandrake Linux Security Advisory : ruby (MDKSA-2006:225)	Nessus	Mandriva Local Security Checks	medium
23958	GLSA-200612-21 : Ruby: Denial of Service vulnerability	Nessus	Gentoo Local Security Checks	medium
23771	FreeBSD : ruby -- cgi.rb library Denial of Service (a8674c14-83d7-11db-88d5-0012f06707f0)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2006-6303

high

Tenable Plugins

critical

medium

critical

medium

medium

medium

critical

critical

medium

medium

medium

medium

critical

medium

medium

medium