Release date:
Updated on:
Affected Systems:
Yukihiro Matsumoto Ruby 1.8.x
Unaffected system:
Yukihiro Matsumoto Ruby 1.8.7-
Description:
--------------------------------------------------------------------------------
Bugtraq id: 46458
Ruby is a powerful object-oriented scripting language.
Ruby's Exception#to_s method has a security restriction bypass vulnerability. Remote attackers can exploit it to bypass certain security restrictions and escalate their privileges.
The vulnerability is caused by a flaw in the handling of Exception#to_s and can be exploited to bypass safe-level protection, for example by modifying protected strings. In Ruby's $SAFE mechanism, safe level 4 is used to run untrusted code such as plug-ins; at the higher safe levels, certain operations are prohibited so that malicious code cannot tamper with normal data. Exception#to_s can be used to fool the $SAFE check and allow suspicious code to modify arbitrary strings, i.e. to defeat the safe-level mechanism and destructively modify normal data.
Link: http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
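The following is an added toy model of the safe-level bypass described above; it is not Ruby's own C implementation and not part of this advisory. Modern Ruby no longer has $SAFE, so the rule "untrusted code may only mutate tainted strings" is enforced by hand, and the model assumes the root cause was that to_s tainted the exception's message as a side effect whenever the exception object itself was tainted.

```ruby
class TaintError < StandardError; end

# Per-object taint bit; objects built by untrusted code start out tainted.
module Taint
  FLAGS = {}.compare_by_identity
  def self.tainted?(obj); FLAGS.fetch(obj, false); end
  def self.taint(obj);    FLAGS[obj] = true; obj; end
end

# The check that $SAFE=4 applied to destructive String methods such as replace.
def untrusted_replace!(str, value)
  raise TaintError, "untainted string" unless Taint.tainted?(str)
  str.replace(value)
end

# Model of the flawed Exception#to_s (assumption, see lead-in): the message
# is tainted whenever the exception is, so the taint bit is flipped on an
# object the untrusted caller never had the right to modify.
class LeakyError < StandardError
  def initialize(mesg); @mesg = mesg; Taint.taint(self); end
  def to_s
    Taint.taint(@mesg) if Taint.tainted?(self)   # side effect on a shared object
    @mesg
  end
end

# Fixed model: to_s returns the message without touching its taint bit.
class SafeError < StandardError
  def initialize(mesg); @mesg = mesg; Taint.taint(self); end
  def to_s; @mesg; end
end

# Simulates untrusted ($SAFE=4-style) code that wraps a protected string
# created by trusted code in an exception, calls to_s, then tries to modify
# the string. Returns true when the protected string survived unchanged.
def protected_string_survives?(exc_class)
  secret = "admin=false"          # untainted: constructed by trusted code
  begin
    exc_class.new(secret).to_s    # untrusted code's indirection via to_s
    untrusted_replace!(secret, "admin=true")
  rescue TaintError
    # expected on the fixed path: the untainted string is rejected
  end
  secret == "admin=false"
end
```

With the leaky model the protected string is rewritten; with the fixed model the taint check holds and the modification is refused.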
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Yukihiro Matsumoto
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ruby-lang.org/