[ruby-gnome2] [CVE-2007-6183] improper input sanitizing / format string vulnerability

Bug #175827 reported by disabled.user
Affects                      Status        Importance  Assigned to  Milestone
ruby-gnome2 (Debian)         Fix Released  Unknown
ruby-gnome2 (Fedora)         Fix Released  Medium
ruby-gnome2 (Gentoo Linux)   Fix Released  Medium
ruby-gnome2 (Ubuntu)         Fix Released  Undecided   Unassigned
  Dapper                     Won't Fix     Undecided   Unassigned
  Edgy                       Won't Fix     Undecided   Unassigned
  Feisty                     Won't Fix     Undecided   Unassigned
  Gutsy                      Won't Fix     Undecided   Unassigned
  Hardy                      Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: ruby-gnome2

References:
DSA-1431-1 (http://www.debian.org/security/2007/dsa-1431)

Quoting DSA-1431-1:
"It was discovered that ruby-gnome2, GNOME-related bindings for the Ruby language, didn't properly sanitize input prior to constructing dialogs. This could allow for the execution of arbitrary code if untrusted input is displayed within a dialog."

Quoting CVE-2007-6183:
"Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter."

In , Tomas (tomas-redhat-bugs) wrote :

Secunia advisory:

Chris Rohlf has reported a vulnerability in Ruby-GNOME2, which can potentially
be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a format string error within the
"Gtk::MessageDialog.new()" method in gtk/src/rbgtkmessagedialog.c and can
potentially be exploited to execute arbitrary code when a specially crafted
string is passed to the affected function.

NOTE: Exploitation and impact of this vulnerability depend on how an application
uses the affected function of the vulnerable library.

The vulnerability is reported in version 0.16.0. Other versions may also be
affected.

References:
http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html
http://secunia.com/advisories/27825/

Upstream SVN commit:
http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2?view=rev&revision=2720
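Both the bug description above and the Secunia summary describe the same root cause: the Ruby-side message string is handed to a printf-style C function as its format argument rather than as data, so any '%' directives in untrusted text are interpreted by the C runtime. The following is an added example, not code from ruby-gnome2 or from the upstream fix; it uses a stand-in sink, dialog_sink(), with the same "format plus varargs" shape as gtk_message_dialog_new() so that it runs stand-alone, and it shows the vulnerable call beside the usual hardening for this bug class (a literal "%s" format with the message passed as an argument). Whether the upstream r2720 commit is written exactly this way is an assumption; the page only links to it. The sample message is constructed and deliberately uses only "%%", the one directive that consumes no argument, because that is the only way to exercise the vulnerable path safely: a real "%x" or "%n" in the same position reads or writes memory through the missing va_list, which is what makes the defect exploitable.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a printf-style sink such as gtk_message_dialog_new():
 * takes a format string and varargs. Hypothetical helper for this example. */
static void dialog_sink(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern (CVE-2007-6183 class): the untrusted message *is*
 * the format string, so its '%' directives are interpreted. */
void render_vulnerable(char *out, size_t out_len, const char *message)
{
    dialog_sink(out, out_len, message);
}

/* Hardened pattern: a literal "%s" format; the message is plain data and
 * is copied verbatim whatever it contains. */
void render_fixed(char *out, size_t out_len, const char *message)
{
    dialog_sink(out, out_len, "%s", message);
}

/* Triage helper: returns 1 if the string holds a conversion directive
 * ('%' not followed by another '%') that a printf-family function would
 * interpret, i.e. the string must never be used as a format argument. */
int has_format_directive(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a harmless "%%" shows the two paths diverge. */
    const char *untrusted = "Upload 100%% complete";
    char buf[64];

    render_vulnerable(buf, sizeof buf, untrusted);
    printf("vulnerable: %s\n", buf);   /* "%%" collapsed to "%" */

    render_fixed(buf, sizeof buf, untrusted);
    printf("fixed:      %s\n", buf);   /* text reproduced verbatim */

    printf("directive in \"Disk %%s full\": %d\n",
           has_format_directive("Disk %s full"));
    return 0;
}
```

The compile-time counterpart of has_format_directive() is to build with -Wformat -Wformat-security (and -Wformat-nonliteral where the code base tolerates it), which flags a non-literal format with no arguments such as the call in render_vulnerable(); the stand-in sink above carries no format attribute, so the compiler stays silent here exactly as it would for a binding that wraps the GTK call without one. For a still-unpatched 0.16.0 build, the only caller-side workaround is to escape the text before the call, e.g. message.gsub('%', '%%') in Ruby; that workaround must be removed once the patched library is in place, since the fixed code would then display the doubled percent signs.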

In , Tomas (tomas-redhat-bugs) wrote :

Created attachment 271351
Reproducer extracted from Chris Rohlf's blog

In , Tomas (tomas-redhat-bugs) wrote :

CVE id CVE-2007-6183 was assigned to this issue.

In , Fedora (fedora-redhat-bugs) wrote :

ruby-gnome2-0.16.0-18.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

In , Fedora (fedora-redhat-bugs) wrote :

ruby-gnome2-0.16.0-18.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

Changed in ruby-gnome2:
status: Unknown → Fix Released
William Grant (wgrant) wrote :

Fixed in 0.16.0-10.

Changed in ruby-gnome2:
status: New → Fix Released
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Triaged
status: Confirmed → Triaged
assignee: nobody → fujitsu
status: New → Triaged
assignee: nobody → fujitsu
status: New → Triaged
William Grant (wgrant) wrote :

Affects all releases. I'll steal patches from Debian shortly.

Changed in ruby-gnome2:
status: Unknown → Fix Released
Changed in ruby-gnome2:
status: Unknown → Fix Released
Hew (hew) wrote :

Ubuntu Edgy Eft is no longer supported, so a SRU will not be issued for this release. Marking Edgy as Won't Fix.

Changed in ruby-gnome2:
status: Triaged → Won't Fix
LumpyCustard (orangelumpycustard) wrote :

Please close for Feisty as Won't Fix? This goes for all the other Feisty bugs.

Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in ruby-gnome2:
status: Triaged → Won't Fix
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in ruby-gnome2 (Ubuntu Gutsy):
status: Triaged → Won't Fix
William Grant (wgrant)
Changed in ruby-gnome2 (Ubuntu Gutsy):
assignee: William Grant (wgrant) → nobody
Changed in ruby-gnome2 (Ubuntu Feisty):
assignee: William Grant (wgrant) → nobody
Changed in ruby-gnome2 (Ubuntu Edgy):
assignee: William Grant (wgrant) → nobody
Changed in ruby-gnome2 (Ubuntu Dapper):
assignee: William Grant (wgrant) → nobody
Changed in ruby-gnome2 (Gentoo Linux):
importance: Unknown → Medium
Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in ruby-gnome2 (Ubuntu Dapper):
status: Triaged → Won't Fix
Changed in ruby-gnome2 (Fedora):
importance: Unknown → Medium