Bug 1036483 (CVE-2013-6414)
| Field | Value |
|---|---|
| Summary | CVE-2013-6414 rubygem-actionpack: Action View DoS |
| Product | [Other] Security Response |
| Reporter | Garth Mollett <gmollett> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| CC | aortega, apevec, athomas, ayoung, bdunne, bgollahe, bkearney, bleanhar, ccoleman, chrisw, cpelland, dmcphers, drieden, gkotton, hhorak, iheim, jdetiber, jfrey, jialiu, jorton, jrafanie, jrusnack, kseifried, lhh, lmeyer, markmc, mmaslano, mmccune, mmcgrath, nobody+bgollahe, obarenbo, rbryant, ruby-maint, sclewis, security-response-team, tdawson, vondruch, xlecauch, yeylon |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Fixed In Version | rubygem-actionpack 3.2.16, rubygem-actionpack 4.0.2 |
| Doc Type | Bug Fix |
| Doc Text | A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed. |
| Story Points | --- |
| Last Closed | 2015-01-17 05:35:33 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Depends On | 1036415, 1036420, 1036421, 1037487, 1120007, 1120008, 1159438, 1165364, 1165365 |
| Bug Blocks | 1000138, 1036411 |
Description
Garth Mollett
2013-12-02 06:22:39 UTC
Quoting further details from the upstream advisory draft:

Denial of Service Vulnerability in Action View

There is a denial of service vulnerability in the header handling component of Action View. This vulnerability has been assigned the CVE identifier CVE-2013-6414.

Versions Affected: 3.0.0 and all later versions
Not affected: 2.3.x
Fixed Versions: 4.0.2, 3.2.16

Impact
------
Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service.

All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases
--------
The 4.0.2 & 3.2.16 releases are available at the normal locations.

Credits
-------
Thanks to Toby Hsieh of SlideShare for reporting the issue to us.

Created attachment 831767: Upstream patch for 3.0.x
Created attachment 831769: Upstream patch for 3.2.x
Created attachment 831770: Upstream patch for 4.0.x

Fixed upstream in 3.2.16 and 4.0.2:
http://weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released/
https://groups.google.com/forum/#!topic/ruby-security-ann/A-ebV4WxzKg
http://seclists.org/oss-sec/2013/q4/400

Upstream commits (3.2 and 4.0):
https://github.com/rails/rails/commit/bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068
https://github.com/rails/rails/commit/1ec3806cc8d32e8365a1edbabcda3ef104f62055

This issue has been addressed in the following products:
Red Hat Software Collections for RHEL-6
Via RHSA-2013:1794 https://rhn.redhat.com/errata/RHSA-2013-1794.html

This issue has been addressed in the following products:
OpenStack 3 for RHEL 6
Via RHSA-2014:0008 https://rhn.redhat.com/errata/RHSA-2014-0008.html

Acknowledgements: Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Toby Hsieh as the original reporter.

IssueDescription: A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed.

This issue has been addressed in the following products:
Red Hat Subscription Asset Manager 1.4
Via RHSA-2014:1863 https://rhn.redhat.com/errata/RHSA-2014-1863.html
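As an added illustration, not code from Rails or from the patches attached to this bug, the following simplified model shows the cache-growth pattern the advisory describes: a per-format details cache keyed on raw header strings, beside a version that only caches keys from a fixed registered set (assumed here to reflect the principle of the upstream fix). The class names, the registered format list and the constructed request values are all assumptions made for this example.

```ruby
# Added example, not Rails code: a simplified model of the pattern behind
# CVE-2013-6414. A details cache keyed on raw, client-chosen header
# strings grows without bound; the hardened version only caches keys that
# map to a registered format (assumed here to mirror the upstream fix).

# Constructed: formats the application registers, string -> symbol.
# Looking up in a fixed hash avoids interning client input as symbols.
REGISTERED_FORMATS = {
  "html" => :html, "js" => :js, "json" => :json, "xml" => :xml
}.freeze

# Vulnerable pattern: memoizes a details object for every format value it
# sees, so each distinct string from an Accept header adds an entry that
# is never evicted.
class UnboundedFormatCache
  def initialize
    @cache = {}
  end

  def details_for(format)
    @cache[format] ||= { formats: [format] }
  end

  def size
    @cache.size
  end
end

# Hardened pattern: unregistered formats are rejected before they ever
# become cache keys, so the cache holds at most REGISTERED_FORMATS.size
# entries regardless of what clients send.
class BoundedFormatCache < UnboundedFormatCache
  def details_for(format)
    key = REGISTERED_FORMATS[format.to_s]
    return nil unless key
    super(key)
  end
end

# Feed a list of format values to a cache and report its final entry count.
def simulate(cache, requests)
  requests.each { |fmt| cache.details_for(fmt) }
  cache.size
end

# Constructed input: 1000 distinct junk values plus two legitimate ones,
# standing in for the crafted header values the advisory describes.
CRAFTED_REQUESTS = (1..1000).map { |i| "application/x-junk-#{i}" } + %w[html json]
```

Running `simulate` with both caches over `CRAFTED_REQUESTS` shows the unbounded cache holding 1002 entries and the bounded one holding 2, and repeating the input leaves the bounded count unchanged.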