Ruby on Rails XML Processor YAML Deserialization

Added: 02/15/2013
CVE: CVE-2013-0156
BID: 57187
OSVDB: 89026

Background

Ruby on Rails is a full stack, Web application framework optimized for sustainable programming productivity, allowing writing sound code by favoring convention over configuration.

Problem

Ruby on Rails versions prior to 2.3.15, 3.0.19, 3.1.10, and 3.2.11 contain a vulnerability in the way they handle casting string values when nesting XML entity references using YAML type conversion of Symbol type conversion.

Resolution

Update to the latest version of Ruby on Rails.

References

http://weblog.rubyonrails.org/2013/1/28/Rails-3-0-20-and-2-3-16-have-been-released/
http://www.kb.cert.org/vuls/id/380039
http://www.kb.cert.org/vuls/id/628463

Limitations

This exploit has been tested against Ruby on Rails 3.0.18 on CentOS 6 (Exec-Shield Enabled).

Platforms

Linux

Back to exploit index