Ubuntu Security Notice 7091-1 - It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service. This issue only affected in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ruby incorrectly handled parsing of an XML document that has many entity expansions with SAX2 or pull parser API. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service.
71f9fbd7bec60d2b7b4a569108c35e7c10d0ba77a14114bdae61eea8d0e2a457This script exploits the issue noted in CVE-2024-45409 that allows an unauthenticated attacker with access to any signed SAML document issued by the IDP to forge a SAML Response/Assertion and gain access as any user on GitLab. Ruby-SAML versions below or equal to 12.2 and versions 1.13.0 through 1.16.0 do not properly verify the signature of the SAML Response.
d08713f2b53b8375bee1c935a8aa40df427334d91a9660f64086fe0c225c0c55Debian Linux Security Advisory 5774-1 - It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify the signature of the SAML Response, which could result in bypass of authentication in an application using the ruby-saml library.
240177159ce0b76270aa0280d1ee5b1c3ee1ab29b2d1a466aa814c291e161d28Red Hat Security Advisory 2024-6785-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
a3043a91a60f7990757090c57383b6bae8ffe722cdf336ed294433205bf605ecRed Hat Security Advisory 2024-6784-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
ea8b4e6715b303a63f04a61d5cf6e8b194b2cb4240e45e2aa135a1ef879e9ffbThis Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the JSON request processor.
170aaef589710c91521601000cb3b478c0e13d9f21b9c95db63d18f83815c46dThis Metasploit module attempts to identify Ruby on Rails instances vulnerable to an arbitrary object instantiation flaw in the XML request processor.
f0ae12d1945cad391cd044fe41f2338c6b4c2ee245f8e083731f15e17c72fce3The Devise authentication gem for Ruby on Rails is vulnerable to a password reset exploit leveraging type confusion. By submitting XML to rails, we can influence the type used for the reset_password_token parameter. This allows for resetting passwords of arbitrary accounts, knowing only the associated email address. This Metasploit module defaults to the most common devise URIs and response values, but these may require adjustment for implementations which customize them. Affects Devise < v2.2.3, 2.1.3, 2.0.5 and 1.5.4 when backed by any database except PostgreSQL or SQLite3. Tested with v2.2.2, 2.1.2, and 2.0.4 on Rails 3.2.11. Patch applied to Rails 3.2.12 and 3.1.11 should prevent exploitation of this vulnerability, by quoting numeric values when comparing them with non numeric values.
ccbf068c497671105a04589b9eac7aa7ba53ed1d4e9b7c9f9b06c5cde4e46e70This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Rubys WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if youre playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.
98d9e586a534095e5d0b6f478a9570f6bcf61c7030ee08f41c68fcaf77e0442bThis Metasploit module uses a path traversal vulnerability in Ruby on Rails versions 5.2.2 and below to read files on a target server.
e6610f0dd279a2856b604ea85dd6f34b7e5f6cbda7b97cb0fadf6379f760daa6The Nuuo Central Management Server allows an authenticated user to download files from the installation folder. This functionality can be abused to obtain administrative credentials, the SQL Server database password and arbitrary files off the system with directory traversal. The module will attempt to download CMServer.cfg (the user configuration file with all the user passwords including the admin one), ServerConfig.cfg (the server configuration file with the SQL Server password) and a third file if the FILE argument is provided by the user. The two .cfg files are zip-encrypted files, but due to limitations of the Ruby ZIP modules included in Metasploit, these files cannot be decrypted programmatically. The user will have to open them with zip or a similar program and provide the default password "NUCMS2007!". This Metasploit module will either use a provided session number (which can be guessed with an auxiliary module) or attempt to login using a provided username and password - it will also try the default credentials if nothing is provided. All versions of CMS server up to and including 3.5 are vulnerable to this attack.
ab3ebff0713f2be89827e8e121deb46c11ff5fb4091d26d14c9a9bd041ea245fWhen Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This Metasploit module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application crashes with a segfault error. Other versions of Ruby are reported to be affected.
2d1198655520ca701328d30ac959c34844102b92bdc9874522f9945cc8f352d4The WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 to 1.8.6-p286, 1.8.7 to 1.8.7-p71, and 1.9 to r18423 allows for a DoS (CPU consumption) via a crafted HTTP request.
0d6e2a46f2df4b48609f3e00dbf592a8c7fdfdebcfe670024fa70d9a4e1c2f01Gentoo Linux Security Advisory 202408-24 - A vulnerability has been discovered in Ruby on Rails, which can lead to remote code execution via serialization of data. Versions greater than or equal to 6.1.6.1:6.1 are affected.
5581d6d215789609525852a7cd3c158e19d3d73dc1926e04a25c534e78e5de7cRed Hat Security Advisory 2024-4542-03 - An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP response splitting vulnerability.
997ce801d52e1d2f380bd35c336ed1d3f6f38e9f52cdcc51a98793f300b3e7d8Red Hat Security Advisory 2024-4499-03 - An update for ruby is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
edebc8f5afe8726b51356da3155f8e6a70bc190c6c176f409446deb659378f5aUbuntu Security Notice 6853-1 - It was discovered that Ruby incorrectly handled the ungetbyte and ungetc methods. A remote attacker could use this issue to cause Ruby to crash, resulting in a denial of service, or possibly obtain sensitive information.
2029ddfe4b2849fb9b699d4a0f4df756e453c30626d2f9f1e97e3fe283c8101bUbuntu Security Notice 6838-1 - It was discovered that Ruby RDoc incorrectly parsed certain YAML files. If a user or automated system were tricked into parsing a specially crafted .rdoc_options file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that the Ruby regex compiler incorrectly handled certain memory operations. A remote attacker could possibly use this issue to obtain sensitive memory contents.
120b5d48766d2e4145ff11d42e77720c22fbb0e8c31ac33a57af9a29ab60b5c4Red Hat Security Advisory 2024-3838-03 - An update for ruby is now available for Red Hat Enterprise Linux 9. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
2059cc3f70ad3bd2782f65d8186437a208d94ee6924545cb1f6dfaa50898d862Red Hat Security Advisory 2024-3671-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.
aee3811c2cba528f12e9353bb4718644dc4c49562d4c8f25ebe29b8311130441Red Hat Security Advisory 2024-3670-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 8.
60db265eb0120ae52e321be23a5b3ba68ea953be721d85636fb2d0216a8d05f1Red Hat Security Advisory 2024-3668-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 9.
68da635a2c5882c97dcdb4a8166bf8fc640f37e5b706a73644869c8a1e1db265Red Hat Security Advisory 2024-3546-03 - An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8.
0db0ea8620af022696dbd80894c5ba49131110cae04ea5941d7665f03da10d23Red Hat Security Advisory 2024-3500-03 - An update for the ruby:3.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include HTTP response splitting and denial of service vulnerabilities.
07018912af2cc2a30a1a8c489f204ef85a96a2eef4d3c15d2dfd7fdd867a602fDebian Linux Security Advisory 5698-1 - Multiple security issues were found in Rack, an interface for developing web applications in Ruby, which could result in denial of service.
c1c37e27a20d3e72e78531a52e86cb1e39cc92edc299972478df2308d6692f22
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed