Ruby on Rails XML Processor YAML Deserialization
Added: 02/15/2013
CVE: CVE-2013-0156
BID: 57187
OSVDB: 89026
Background
Ruby on Rails is a full-stack web application framework optimized for sustainable programmer productivity; it favors convention over configuration so that applications need little boilerplate.
Problem
Ruby on Rails versions prior to 2.3.15, 3.0.19, 3.1.10, and 3.2.11 do not restrict the data types that the XML parameter parser will cast. An XML request body can declare a value with a type="yaml" or type="symbol" attribute: the yaml case hands attacker-controlled text to YAML.load, which can instantiate arbitrary Ruby objects and lead to remote code execution, and the symbol case lets the attacker create arbitrary Symbols. The parser runs on every action that accepts XML, before any application code or authentication check, so no application-specific code path is required.
Resolution
Update to Ruby on Rails 2.3.15, 3.0.19, 3.1.10, or 3.2.11 or later. If upgrading is not immediately possible, the Rails advisory recommends disabling the XML parameter parser entirely or, at minimum, removing the yaml and symbol entries from ActiveSupport::XmlMini::PARSING in an initializer so that values declared with those types remain plain strings.
References
http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
http://www.kb.cert.org/vuls/id/380039
http://www.kb.cert.org/vuls/id/628463
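The following is an added example, not code from the original entry or from the Rails project. It reconstructs, in plain Ruby, the type-conversion table that the XML parameter parser consults (the real table is ActiveSupport::XmlMini::PARSING; the PARSING hash, typecast_param, parse_xml_params and hardened_table names here are this example's own), feeds it a constructed request body that declares symbol and yaml types, and then shows the effect of the advisory's workaround of deleting those two converters. The YAML in the sample body is kept object-free so the script runs on current Ruby, where Psych 4 makes YAML.load safe by default; on the affected Rails versions with older Psych, a !ruby/object tag in the same position would be instantiated.

```ruby
require "yaml"
require "rexml/document"

# Reconstruction (not the Rails source) of the type-conversion table that the
# XML parameter parser consults when an element carries a type="..." attribute.
# The "yaml" and "symbol" entries are the ones CVE-2013-0156 abuses.
PARSING = {
  "string"  => proc { |s| s.to_s },
  "integer" => proc { |s| s.to_i },
  "boolean" => proc { |s| %w[1 true].include?(s.strip) },
  "symbol"  => proc { |s| s.to_sym },      # attacker-chosen Symbol
  "yaml"    => proc { |s| YAML.load(s) },  # attacker-chosen YAML document
}

# Cast one parameter value according to its declared type. Undeclared or
# unknown types stay plain strings, which is what the hardened table relies on.
def typecast_param(value, type, table = PARSING)
  conv = type && table[type]
  conv ? conv.call(value) : value.to_s
end

# Walk a request body and cast each top-level element the way the parser
# would. Returns { element_name => cast_value }.
def parse_xml_params(xml, table = PARSING)
  doc = REXML::Document.new(xml)
  params = {}
  doc.root.each_element do |el|
    params[el.name] = typecast_param(el.text.to_s, el.attributes["type"], table)
  end
  params
end

# The advisory's workaround applied to this stand-in table: delete the
# dangerous converters rather than trying to validate their input.
def hardened_table(table = PARSING)
  t = table.dup
  t.delete("yaml")
  t.delete("symbol")
  t
end

# Constructed request body (not a real capture). The YAML is deliberately
# object-free so it runs on any Ruby; with Psych < 4 a "!ruby/object:..." tag
# in the prefs element would be instantiated on the server.
EVIL_XML = <<~XML
  <?xml version="1.0"?>
  <user>
    <name type="string">alice</name>
    <role type="symbol">admin</role>
    <prefs type="yaml">--- {theme: dark, retries: 3}</prefs>
  </user>
XML

if __FILE__ == $0
  p parse_xml_params(EVIL_XML)                  # role => :admin, prefs => a Hash
  p parse_xml_params(EVIL_XML, hardened_table)  # both remain Strings
end
```

With the default table, role becomes the Symbol :admin and prefs becomes a Hash built from attacker text; with the hardened table both are returned untouched as Strings, which is exactly the behaviour the initializer workaround produces in a real application.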
Limitations
This exploit has been tested against Ruby on Rails 3.0.18 on CentOS 6 (Exec-Shield enabled).
Platforms
Linux