CVE-2012-4522
published 2012-11-24
Priority: P4 | 23 | medium | 5 | CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 2.20% (80.3th percentile)
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
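CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_redhat | | 5.0 | MEDIUM | |
| vendor_ubuntu | | 5.0 | MEDIUM | |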
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2012-10-23·CVSS 5.0
CVE-2012-4464 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted
strings to be modified in protective safe levels. An attacker could use this
flaw to bypass intended access restrictions. USN-1602-1 fixed these
vulnerabilities in other Ubuntu releases. This update provides the
corresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)
Peter Bex discovered that Ruby incorrectly handled file path strings when
opening files. An attacker could use this flaw to open or create unexpected
files. (CVE-2012-4522)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
ruby: unintentional file creation caused by inserting an illegal NUL character
vendor_redhat·2012-10-12·CVSS 5.0
CVE-2012-4522 [MEDIUM] CWE-626 ruby: unintentional file creation caused by inserting an illegal NUL character
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
Statement: This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 6.
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
GHSA
GHSA-6mch-f8jc-rpmr: The rb_get_path_check function in file
ghsa_unreviewed·2022-05-17
CVE-2012-4522 [MEDIUM] GHSA-6mch-f8jc-rpmr: The rb_get_path_check function in file
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character [fedora-all]
bugzilla·2012-10-15·CVSS 5.0
CVE-2012-4522 [MEDIUM] CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Bugzilla
CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
bugzilla·2012-10-12·CVSS 5.0
CVE-2012-4522 [MEDIUM] CVE-2012-4522 ruby: unintentional file creation caused by inserting an illegal NUL character
An upstream Ruby security notice [1] indicated that ruby suffered from a flaw where unintended files could be created if they contained a NUL character in the file path or name. Certain methods like IO#open did not check the filename passed to them, and just passed those strings to lower layer routines, which could lead to unintentional files being created, as demonstrated:

```ruby
p File.exists?("foo") #=> false
open("foo\0bar", "w") { |f| f.puts "hai" }
p File.exists?("foo") #=> true
p File.exists?("foo\0bar") #=> raises ArgumentError
```

Upstream indicates that ruby 1.9.3 prior to patchlevel 286 is vulnerable. An upstream patch is available [2].
[1] http://preview.ruby-lang.org/en/news/2012/10/12/poisone
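
An added example, not part of the bug report or of Ruby's own code: it shows the name a NUL-terminated lower-layer routine derives from a poisoned path, and an application-side guard that rejects such names and confines writes to one directory. The helper names (`c_string_view`, `checked_path`, `try_create`, `demo`) and the sample file names are assumptions constructed for illustration.

```ruby
require "tmpdir"

# What a NUL-terminated C API sees when handed a Ruby string:
# everything up to, but not including, the first NUL byte.
def c_string_view(path)
  path.b.split("\0".b, 2).first.to_s
end

# Reject names the OS layer would interpret differently from the
# application, then confine the result to base_dir.
def checked_path(base_dir, name)
  raise ArgumentError, "path contains NUL byte" if name.include?("\0")
  base = File.expand_path(base_dir)
  full = File.expand_path(name, base)
  unless full.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}"
  end
  full
end

# Returns :created on success, :rejected when the guard refuses the name.
def try_create(base_dir, name)
  File.open(checked_path(base_dir, name), "w") { |f| f.puts "hai" }
  :created
rescue ArgumentError
  :rejected
end

# Runs the guard over constructed sample names in a throwaway directory.
def demo
  Dir.mktmpdir do |dir|
    results = {
      view:      c_string_view("foo\0bar"),
      poisoned:  try_create(dir, "report.txt\0.rb"),
      traversal: try_create(dir, "../escape.txt"),
      normal:    try_create(dir, "report.txt")
    }
    results[:files] = Dir.children(dir).sort
    results
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Patched Ruby versions raise `ArgumentError` on a NUL byte in a path themselves; the explicit check keeps the rejection in application code, where it can also be logged, and covers names that are later handed to other consumers.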
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html
http://rhn.redhat.com/errata/RHSA-2013-0129.html
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163
http://www.openwall.com/lists/oss-security/2012/10/12/6
http://www.openwall.com/lists/oss-security/2012/10/13/1
http://www.openwall.com/lists/oss-security/2012/10/16/1
http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/