Bug 218289

Summary: CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
Product: [Fedora] Fedora
Component: ruby
Version: 6
Reporter: Lubomir Kundrak <lkundrak>
Assignee: Akira TAGOH <tagoh>
QA Contact: Bill Huang <bhuang>
Status: CLOSED ERRATA
Severity: low
Priority: low
Keywords: Security
Hardware: All
OS: Linux
URL: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
Whiteboard: impact=low,reported=20061204,public=20061204,source=gentoo
Doc Type: Bug Fix
Last Closed: 2006-12-12 03:05:55 UTC

Description Lubomir Kundrak 2006-12-04 14:18:59 UTC
+++ This bug was initially created as a clone of Bug #218287 +++

Description of problem:

JVN#84798830 described a problem in cgi.rb, which results in an infinite loop after
a certain HTTP request. While the original advisory is in Japanese, you might want to
translate it with Babelfish. Anyways, it doesn't contain any useful information.
The upstream corrected the problem immediately in CVS and even released a new
package with patchlevel of 2.

Version-Release number of selected component (if applicable):

All supported versions (RHEL 2.1 to 5, and both FC 5 and FC 6) seem to contain
the vulnerable code.

How reproducible:

No reproducer.

Additional info:

The translated JVN advisory:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=ja_en&trurl=http%3a%2f%2fwww.ipa.go.jp%2fsecurity%2fvuln%2fdocuments%2f2006%2fJVN_84798830_Ruby.html

-- Additional comment from lkundrak on 2006-12-04 09:09 EST --
Created an attachment (id=142732)
Upstream patch for ruby cgi.rb DoS

Comment 1 Akira TAGOH 2006-12-11 07:47:02 UTC
Fixed in 1.8.5.2-1.fc6 and 1.8.5.2-1.fc5.

Comment 2 Fedora Update System 2006-12-11 16:14:06 UTC
ruby-1.8.5.2-1.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.