CVE-2011-2929: Input Validation
First published: Wed Aug 17 2011(Updated: )
A flaw in the template selection code in Ruby on Rails >=3.0 could allow an attacker to render a view they should not have access to [1]. This is corrected in 3.0.10 and 3.1.0rc6, patches are available in the advisory [1] and in git [2]. [1] <a href="http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6">http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</a> [2] <a href="https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552">https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rubyonrails Ruby On Rails | =3.0.4 | |
| Rubyonrails Rails | =3.0.0-beta | |
| Rubyonrails Rails | =3.0.0-beta2 | |
| Rubyonrails Rails | =3.0.0-beta3 | |
| Rubyonrails Rails | =3.0.0-beta4 | |
| Rubyonrails Rails | =3.0.0-rc | |
| Rubyonrails Rails | =3.0.0-rc2 | |
| Rubyonrails Rails | =3.0.1-pre | |
| Rubyonrails Rails | =3.0.2-pre | |
| Rubyonrails Rails | =3.0.0 | |
| Rubyonrails Rails | =3.0.10-rc1 | |
| Rubyonrails Rails | =3.0.1 | |
| Rubyonrails Rails | =3.0.2 | |
| Rubyonrails Rails | =3.0.3 | |
| Rubyonrails Rails | =3.0.4-rc1 | |
| Rubyonrails Rails | =3.0.5 | |
| Rubyonrails Rails | =3.0.5-rc1 | |
| Rubyonrails Rails | =3.0.6-rc1 | |
| Rubyonrails Rails | =3.0.6-rc2 | |
| Rubyonrails Rails | =3.0.6 | |
| Rubyonrails Rails | =3.0.7-rc1 | |
| Rubyonrails Rails | =3.0.7-rc2 | |
| Rubyonrails Rails | =3.0.7 | |
| Rubyonrails Rails | =3.0.8-rc1 | |
| Rubyonrails Rails | =3.0.8-rc2 | |
| Rubyonrails Rails | =3.0.8-rc3 | |
| Rubyonrails Rails | =3.0.8-rc4 | |
| Rubyonrails Rails | =3.0.8 | |
| Rubyonrails Rails | =3.0.9-rc1 | |
| Rubyonrails Rails | =3.0.9-rc2 | |
| Rubyonrails Rails | =3.0.9-rc3 | |
| Rubyonrails Rails | =3.0.9-rc4 | |
| Rubyonrails Rails | =3.0.9 | |
| Rubyonrails Rails | =3.0.9-rc5 | |
| Rubyonrails Rails | =3.1.0-beta1 | |
| Rubyonrails Rails | =3.1.0-rc1 | |
| Rubyonrails Rails | =3.1.0-rc2 | |
| Rubyonrails Rails | =3.1.0-rc3 | |
| Rubyonrails Rails | =3.1.0-rc4 | |
| Rubyonrails Rails | =3.1.0-rc5 | |
| Rubyonrails Rails | =3.1.0 | |
| redhat/rubygem-actionpack | <3.0.10 | 3.0.10 |
| redhat/rubygem-actionpack | <3.1.0 | 3.1.0 |
Remedy
http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2011/08/17/1
- http://www.openwall.com/lists/oss-security/2011/08/22/5
- http://www.openwall.com/lists/oss-security/2011/08/19/11
- http://www.openwall.com/lists/oss-security/2011/08/22/14
- http://www.openwall.com/lists/oss-security/2011/08/22/13
- http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
- https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552
- http://www.openwall.com/lists/oss-security/2011/08/20/1
- https://bugzilla.redhat.com/show_bug.cgi?id=731432
- http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
- http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=731448
- https://admin.fedoraproject.org/updates/rubygem-actionpack-3.0.5-4.fc15
- https://admin.fedoraproject.org/updates/rubygem-activesupport-3.0.10-1.fc16,rubygem-activemodel-3.0.10-1.fc16,rubygem-activerecord-3.0.10-1.fc16,rubygem-activeresource-3.0.10-1.fc16,rubygem-actionpack-3.0.10-1.fc16,rubygem-actionmailer-3.0.10-1.fc16,rubygem-railties-3.0.10-1.fc16,rubygem-rails-3.0.10-1.fc16
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2929
- agent/software-canonical-lookup
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/tags
- vendor/rubyonrails
- canonical/rubyonrails ruby on rails
- version/rubyonrails ruby on rails/3.0.4
- canonical/rubyonrails rails
- version/rubyonrails rails/3.0.0-beta
- version/rubyonrails rails/3.0.0-beta2
- version/rubyonrails rails/3.0.0-beta3
- version/rubyonrails rails/3.0.0-beta4
- version/rubyonrails rails/3.0.0-rc
- version/rubyonrails rails/3.0.0-rc2
- version/rubyonrails rails/3.0.1-pre
- version/rubyonrails rails/3.0.2-pre
- version/rubyonrails rails/3.0.0
- version/rubyonrails rails/3.0.10-rc1
- version/rubyonrails rails/3.0.1
- version/rubyonrails rails/3.0.2
- version/rubyonrails rails/3.0.3
- version/rubyonrails rails/3.0.4-rc1
- version/rubyonrails rails/3.0.5
- version/rubyonrails rails/3.0.5-rc1
- version/rubyonrails rails/3.0.6-rc1
- version/rubyonrails rails/3.0.6-rc2
- version/rubyonrails rails/3.0.6
- version/rubyonrails rails/3.0.7-rc1
- version/rubyonrails rails/3.0.7-rc2
- version/rubyonrails rails/3.0.7
- version/rubyonrails rails/3.0.8-rc1
- version/rubyonrails rails/3.0.8-rc2
- version/rubyonrails rails/3.0.8-rc3
- version/rubyonrails rails/3.0.8-rc4
- version/rubyonrails rails/3.0.8
- version/rubyonrails rails/3.0.9-rc1
- version/rubyonrails rails/3.0.9-rc2
- version/rubyonrails rails/3.0.9-rc3
- version/rubyonrails rails/3.0.9-rc4
- version/rubyonrails rails/3.0.9
- version/rubyonrails rails/3.0.9-rc5
- version/rubyonrails rails/3.1.0-beta1
- version/rubyonrails rails/3.1.0-rc1
- version/rubyonrails rails/3.1.0-rc2
- version/rubyonrails rails/3.1.0-rc3
- version/rubyonrails rails/3.1.0-rc4
- version/rubyonrails rails/3.1.0-rc5
- version/rubyonrails rails/3.1.0
- package-manager/redhat