+++ This bug was initially created as a clone of Bug #212237 +++ Jeremy Kemper mailed this information to vendor-sec: Fix an exploitable bug in CGI multipart parsing which affects Ruby <= 1.8.5 when the input stream returns "" (empty string) instead of nil on EOF. Certain malformed multipart requests leave the parser in a non-terminating state, leaving the program vulnerable to denial of service attack. The fix more carefully checks for input stream EOF. affected: standalone CGI, Mongrel unaffected: FastCGI, mod_ruby, WEBrick This fully closes a previously-reported but partially-fixed vulnerability: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983 http://www.securityfocus.com/bid/11618/info -- Additional comment from bressers on 2006-10-25 15:28 EST -- Created an attachment (id=139389) Proposed patch -- Additional comment from bressers on 2006-10-26 13:26 EST -- Lifting embargo: http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
This issue also affects FC5
fixed in 1.8.5-4.fc6 and 1.8.5-1.fc5.
ruby-1.8.5-4.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.