Debian DSA-2613-1 : rails - insufficient input validation

high Nessus Plugin ID 64364

Synopsis

The remote Debian host is missing a security-related update.

Description

Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML.
Using a specially crafted payload, attackers can trick the backend into decoding a subset of YAML.

The vulnerability has been addressed by removing the YAML backend and adding the OkJson backend.

Solution

Upgrade the rails packages.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze6.

The 3.2 version of rails as found in Debian wheezy and sid is not affected by the problem.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699226

https://packages.debian.org/source/squeeze/rails

https://www.debian.org/security/2013/dsa-2613

Plugin Details

Severity: High

ID: 64364

File Name: debian_DSA-2613.nasl

Version: 1.11

Type: local

Agent: unix

Published: 1/31/2013

Updated: 1/11/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:rails, cpe:/o:debian:debian_linux:6.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/29/2013

Exploitable With

Metasploit (Ruby on Rails JSON Processor YAML Deserialization Code Execution)

Reference Information

CVE: CVE-2013-0333

BID: 57575

DSA: 2613