Bug 212396 (CVE-2006-5467) - CVE-2006-5467 Ruby CGI multipart parsing DoS
Summary: CVE-2006-5467 Ruby CGI multipart parsing DoS
Alias: CVE-2006-5467
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Akira TAGOH
QA Contact: Bill Huang
Depends On:
TreeView+ depends on / blocked
Reported: 2006-10-26 17:29 UTC by Josh Bressers
Modified: 2021-11-12 19:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2006-10-31 09:02:40 UTC

Attachments (Terms of Use)

Description Josh Bressers 2006-10-26 17:29:45 UTC
+++ This bug was initially created as a clone of Bug #212237 +++

Jeremy Kemper mailed this information to vendor-sec:

    Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5
    when the input stream returns "" (empty string) instead of nil on EOF.
    Certain malformed multipart requests leave the parser in a non-terminating
    state, leaving the program vulnerable to denial of service attack. The fix
    more carefully checks for input stream EOF.
      affected: standalone CGI, Mongrel
      unaffected: FastCGI, mod_ruby, WEBrick

    This fully closes a previously-reported but partially-fixed vulnerability:

-- Additional comment from bressers on 2006-10-25 15:28 EST --
Created an attachment (id=139389)
Proposed patch

-- Additional comment from bressers on 2006-10-26 13:26 EST --
Lifting embargo:

Comment 1 Josh Bressers 2006-10-26 17:31:00 UTC
This issue also affects FC5

Comment 2 Akira TAGOH 2006-10-27 15:14:49 UTC
fixed in 1.8.5-4.fc6 and 1.8.5-1.fc5.

Comment 3 Fedora Update System 2006-10-30 21:38:06 UTC
ruby-1.8.5-4.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.