Bug 218287 - (CVE-2006-6303) CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
CVE-2006-6303 ruby's cgi.rb vulnerable infinite loop DoS
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Akira TAGOH
Bill Huang
http://www.ruby-lang.org/en/news/2006...
impact=low,reported=20061204,public=2...
: Security
Depends On: 320371 320381 451930 451931
Blocks:
  Show dependency treegraph
 
Reported: 2006-12-04 09:09 EST by Red Hat Product Security
Modified: 2016-03-04 06:50 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-07-21 05:31:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Upstream patch for ruby cgi.rb DoS (1.51 KB, patch)
2006-12-04 09:09 EST, Lubomir Kundrak
no flags Details | Diff

  None (edit)
Description Lubomir Kundrak 2006-12-04 09:09:50 EST
Description of problem:

JVN#84798830 described a problem in cgi.rb, which results in infinite loop after
certain HTTP request. While the original advisory is in Japan, you might want to
translate it with Babelfish. Anyways, it doesn't contain any useful information.
The upstream corrected the problem immediately in CVS and even released a new
package with patchlevel of 2.

Version-Release number of selected component (if applicable):

All supported versions (RHEL 2.1 to 5, and both FC 5 and FC 6) seem to contain
the vulnerable code.

How reproducible:

No reproducer.

Additional info:

The translated JVN avdisory:
http://babelfish.altavista.com/babelfish/trurl_pagecontent?lp=ja_en&trurl=http%3a%2f%2fwww.ipa.go.jp%2fsecurity%2fvuln%2fdocuments%2f2006%2fJVN_84798830_Ruby.html
Comment 1 Lubomir Kundrak 2006-12-04 09:09:50 EST
Created attachment 142732 [details]
Upstream patch for ruby cgi.rb DoS
Comment 2 Lubomir Kundrak 2006-12-08 11:07:03 EST
Is this worth being called a security issue? Josh pointed out that ruby has a
built-in webserver. What happens to the CGI when a client connection times-out
there, does it allways get killed?
Comment 3 Akira TAGOH 2006-12-11 00:35:59 EST
If you are referring to Webrick, it doesn't use CGI class that has fixed this time.
and whether or not CGI is killed depends on the implementation of the webserver,
anyway.  cgi.rb can be usually used in just a CGI script as usual and embedded
Ruby script in html too.
Comment 4 Akira TAGOH 2007-01-22 09:38:48 EST
Fixed in 1.8.1-7.el4.9.
Comment 12 Red Hat Product Security 2008-07-21 05:31:15 EDT
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2007-0961.html
  http://rhn.redhat.com/errata/RHSA-2008-0562.html

Comment 13 Red Hat Bugzilla 2009-10-23 15:07:01 EDT
Reporter changed to security-response-team@redhat.com by request of Jay Turner.

Note You need to log in before you can comment on or make changes to this bug.