Ruby crack CVE-2013-1800 Parameter Parsing Vulnerability
BID:58274
Info
| Bugtraq ID: | 58274 |
| Class: | Input Validation Error |
| CVE: | CVE-2013-1800 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 14 2013 12:00AM |
| Updated: | Apr 08 2014 11:28AM |
| Credit: | Ben Murphy, Magnus Holm, Felix Wilhelm, Darcy Laycock, Jonathan Rudenberg, Bryan Helmkamp, Benoist Claassen and Charlie Somerville |
| Vulnerable: | Gentoo Linux |
| Not Vulnerable: | |
Discussion
crack is prone to a parameter parsing vulnerability.
An attacker can exploit this vulnerability to bypass certain security restrictions, execute arbitrary code in the context of the affected application, exploit latent vulnerabilities in the underlying database, deny service to legitimate users, or perform unauthorized actions. Other attacks are also possible.
crack versions 0.3.1 and prior are affected.
Exploit / POC
An attacker can exploit this issue using a web browser.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References