Bug 1036483 (CVE-2013-6414) - CVE-2013-6414 rubygem-actionpack: Action View DoS
Summary: CVE-2013-6414 rubygem-actionpack: Action View DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-6414
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1036415 1036420 1036421 1037487 1120007 1120008 1159438 1165364 1165365
Blocks: 1000138 1036411
Reported: 2013-12-02 06:22 UTC by Garth Mollett
Modified: 2023-05-13 00:15 UTC (History)

Fixed In Version: rubygem-actionpack 3.2.16, rubygem-actionpack 4.0.2
Doc Type: Bug Fix
Doc Text:
A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed.
Clone Of:
Environment:
Last Closed: 2015-01-17 05:35:33 UTC
Embargoed:


Attachments
Upstream patch for 3.0.x (1.13 KB, patch)
2013-12-02 20:17 UTC, Tomas Hoger
Upstream patch for 3.2.x (964 bytes, patch)
2013-12-02 20:21 UTC, Tomas Hoger
Upstream patch for 4.0.x (977 bytes, patch)
2013-12-02 20:22 UTC, Tomas Hoger


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1794 0 normal SHIPPED_LIVE Important: ruby193-rubygem-actionpack security update 2013-12-06 03:00:44 UTC
Red Hat Product Errata RHSA-2014:0008 0 normal SHIPPED_LIVE Important: ruby193-rubygem-actionpack security update 2014-01-06 23:02:25 UTC
Red Hat Product Errata RHSA-2014:1863 0 normal SHIPPED_LIVE Important: Subscription Asset Manager 1.4 security update 2014-11-17 22:08:19 UTC

Description Garth Mollett 2013-12-02 06:22:39 UTC
Michael Koziarski reports:

Strings sent in specially crafted headers will be cached indefinitely.  This
can cause the cache to grow infinitely, which will eventually consume all
memory on the target machine, causing a denial of service.

Comment 1 Tomas Hoger 2013-12-02 20:15:33 UTC
Quoting further details from the upstream advisory draft:


Denial of Service Vulnerability in Action View

There is a denial of service vulnerability in the header handling component of Action View. This vulnerability has been assigned the CVE identifier CVE-2013-6414.

Versions Affected:  3.0.0 and all later versions
Not affected:       2.3.x
Fixed Versions:     4.0.2, 3.2.16

Impact 
------ 
Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. All users running an affected release should either upgrade or use one of the workarounds immediately.

Releases 
-------- 
The 4.0.2 & 3.2.16 releases are available at the normal locations. 

Credits 
------- 
Thanks to Toby Hsieh of SlideShare for reporting the issue to us
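
The advisory above describes the failure mode but not the code shape behind it. The following is an added illustration written for this page, not the Action View source or the attached patches: it models a memoization cache whose key is derived from an attacker-controlled request header, shows why a stream of distinct crafted headers makes that cache grow without bound, and contrasts it with the same cache restricted to an allowlist of known values. The header parser, the KNOWN_FORMATS set, the class names and the sample requests are all constructed assumptions for the demonstration; they are not the framework's own API.

```ruby
require 'set'

# Stand-in for the framework's registered response formats (assumption,
# not the real registry).
KNOWN_FORMATS = Set.new(%i[html json xml js]).freeze

# Constructed simplification of Accept-header parsing: each media type's
# subtype becomes a symbol, so "text/html" -> :html while an attacker's
# "text/bogus-000123" -> :"bogus-000123". Real parsers are more involved,
# but the security-relevant point is the same: the output is attacker-chosen.
def formats_from_accept(accept)
  accept.split(',')
        .map { |entry| entry.split(';').first.strip }
        .reject(&:empty?)
        .map { |type| type.split('/').last.to_sym }
end

# Vulnerable pattern: the memoization key is whatever the request sent, so
# every distinct crafted header inserts a new entry that is never evicted.
class UnboundedDetailsCache
  def initialize
    @store = {}
  end

  # Memoize one object per distinct format list (hash keyed by array contents).
  def key_for(formats)
    @store[formats] ||= Object.new
  end

  def size
    @store.size
  end
end

# Hardened pattern: unknown formats are dropped before the key is built, so the
# number of distinct keys is bounded by the subsets of KNOWN_FORMATS regardless
# of how many different headers an attacker sends.
class AllowlistedDetailsCache < UnboundedDetailsCache
  def key_for(formats)
    super(formats.select { |f| KNOWN_FORMATS.include?(f) })
  end
end

# Feed every request's Accept header through the cache and report how many
# entries it holds afterwards.
def simulate(cache, requests)
  requests.each { |accept| cache.key_for(formats_from_accept(accept)) }
  cache.size
end

# Constructed sample traffic: one legitimate browser-style header followed by
# 1000 distinct crafted headers of the kind a memory-exhaustion attack would send.
SAMPLE_REQUESTS = (["text/html,application/xml;q=0.9"] +
                   (1..1000).map { |i| "text/bogus-#{i}" }).freeze

if $PROGRAM_NAME == __FILE__
  puts "unbounded cache entries:   #{simulate(UnboundedDetailsCache.new, SAMPLE_REQUESTS)}"
  puts "allowlisted cache entries: #{simulate(AllowlistedDetailsCache.new, SAMPLE_REQUESTS)}"
end
```

The unbounded cache ends with one entry per distinct crafted header (1001 here, and one more for each further request), which is the "grow infinitely" behaviour the advisory describes; the allowlisted cache ends with two entries (the legitimate format list and the empty list every crafted header collapses to), whatever the request count. The general lesson for any request-keyed memoization is the same: either bound the key space by validating against a known set, or bound the cache itself with an eviction policy.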

Comment 2 Tomas Hoger 2013-12-02 20:17:49 UTC
Created attachment 831767 [details]
Upstream patch for 3.0.x

Comment 3 Tomas Hoger 2013-12-02 20:21:03 UTC
Created attachment 831769 [details]
Upstream patch for 3.2.x

Comment 4 Tomas Hoger 2013-12-02 20:22:42 UTC
Created attachment 831770 [details]
Upstream patch for 4.0.x

Comment 6 errata-xmlrpc 2013-12-05 22:04:13 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for RHEL-6

Via RHSA-2013:1794 https://rhn.redhat.com/errata/RHSA-2013-1794.html

Comment 7 errata-xmlrpc 2014-01-06 18:04:37 UTC
This issue has been addressed in the following products:

  OpenStack 3 for RHEL 6

Via RHSA-2014:0008 https://rhn.redhat.com/errata/RHSA-2014-0008.html

Comment 11 Kurt Seifried 2014-11-13 06:21:33 UTC
Acknowledgements:

Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Toby Hsieh as the original reporter.

Comment 12 Martin Prpič 2014-11-14 16:21:16 UTC
IssueDescription:

A denial of service flaw was found in the header handling component of Action View. A remote attacker could send strings in specially crafted headers that would be cached indefinitely, which would result in all available system memory eventually being consumed.

Comment 13 errata-xmlrpc 2014-11-17 17:09:04 UTC
This issue has been addressed in the following products:

  Red Hat Subscription Asset Manager 1.4

Via RHSA-2014:1863 https://rhn.redhat.com/errata/RHSA-2014-1863.html

