CVE-2013-2065
published 2013-11-02
Priority P431 · medium · 6.4 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS: 2.51% (82.8th percentile)
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
nvd · v2.0 · 6.4 · MEDIUM · AV:N/AC:L/Au:N/C:P/I:P/A:N
vendor_redhat · 6.4 · MEDIUM
vendor_ubuntu · 6.4 · MEDIUM
Ubuntu
Ruby vulnerabilities
vendor_ubuntu·2013-11-27·CVSS 6.4
CVE-2013-2065 [MEDIUM] Ruby vulnerabilities
Title: Ruby vulnerabilities
Summary: Several security issues were fixed in Ruby.
Charlie Somerville discovered that Ruby incorrectly handled floating point
number conversion. An attacker could possibly use this issue with an
application that converts text to floating point numbers to cause the
application to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2013-4164)
Vit Ondruch discovered that Ruby did not perform taint checking for certain
functions. An attacker could possibly use this issue to bypass certain
intended restrictions. (CVE-2013-2065)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
Ruby: Object taint bypassing in DL and Fiddle
vendor_redhat·2013-05-14·CVSS 6.4
CVE-2013-2065 [MEDIUM] Ruby: Object taint bypassing in DL and Fiddle
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
Package: ruby193-ruby (OpenShift Enterprise 1) - Affected
Package: ruby (Red Hat Enterprise Linux 4) - Not affected
Package: ruby (Red Hat Enterprise Linux 5) - Not affected
Package: ruby (Red Hat Enterprise Linux 6) - Not affected
Package: ruby193-ruby (Red Hat Software Collections) - Affected
GHSA
GHSA-wh77-3w5g-7q6x: (1) DL and (2) Fiddle in Ruby 1
ghsa_unreviewed·2022-05-14
CVE-2013-2065 [MEDIUM] GHSA-wh77-3w5g-7q6x: (1) DL and (2) Fiddle in Ruby 1
(1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle [fedora-all]
bugzilla·2013-05-14·CVSS 6.4
CVE-2013-2065 [MEDIUM] CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects
Bugzilla
CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
bugzilla·2013-05-11·CVSS 6.4
CVE-2013-2065 [MEDIUM] CVE-2013-2065 Ruby: Object taint bypassing in DL and Fiddle
Aaron Patterson reports:
Object taint bypassing in DL and Fiddle in Ruby
There is a vulnerability in DL and Fiddle in Ruby where tainted strings can be
used by system calls regardless of the $SAFE level set in Ruby. This
vulnerability has been assigned the CVE identifier CVE-2013-2065.
Versions Affected: 1.9.3-pX, 2.0.0-p0
Not affected: 1.8.X
Fixed Versions: 1.9.3-pX, 2.0.0-pX
Impact
Native functions exposed to Ruby with DL or Fiddle do not check the taint
values set on the objects passed in. This can result in tainted objects being
accepted as input when a SecurityError exception should be raised.
Impacted DL code will look something like this:
def my_function(user_input)
  handle = DL.dlopen(nil)
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107064.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107098.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107120.html
http://lists.opensuse.org/opensuse-updates/2013-10/msg00057.html
http://www.ubuntu.com/usn/USN-2035-1
https://puppet.com/security/cve/cve-2013-2065
https://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/