Ubuntu
rails package

[rails] Several vulnerabilities allowing for file disclosure and theft of user credentials

Bug #163832 reported by disabled.user
258
Affects Status Importance Assigned to Milestone
rails (Ubuntu)
Fix Released
Undecided
Unassigned
Dapper
Won't Fix
Undecided
Unassigned
Edgy
Won't Fix
Undecided
Unassigned
Feisty
Won't Fix
Undecided
Unassigned
Gutsy
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: rails

References:
http://www.gentoo.org/security/en/glsa/glsa-200711-17.xml

Quoting:
"candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames (CVE-2007-5380). The session management functionality allowed the "session_id" to be set in the URL (CVE-2007-5380). BCC discovered that the to_json() function does not properly sanitize input before returning it to the user (CVE-2007-3227).
[...]
Unauthenticated remote attackers could exploit these vulnerabilities to determine the existence of files or to read the contents of arbitrary XML files; conduct session fixation attacks and gain unauthorized access; and to execute arbitrary HTML and script code in a user's browser session in context of an affected site by enticing a user to browse a specially crafted URL."

Revision history for this message
William Grant (wgrant) wrote :

CVE-2007-6077 (bug #173203) should be fixed if/when fixes for these three are pushed to Dapper/Edgy/Feisty.

Revision history for this message
Scott Kitterman (kitterman) wrote :

Affects 1.2.5 and earlier.

Changed in rails:
status: New → Fix Released
Revision history for this message
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in rails:
status: New → Won't Fix
Revision history for this message
LumpyCustard (orangelumpycustard) wrote :

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Revision history for this message
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in rails:
status: New → Won't Fix
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in rails (Ubuntu Gutsy):
status: New → Won't Fix
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in rails (Ubuntu Dapper):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.