[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Ruby creators warn of serious flaws
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2008-06-25 6:35:25
Message-ID: Pine.LNX.4.61.0806250135160.26812 () conundrum ! infosecnews ! org
[Download RAW message or body]

http://www.techworld.com/security/news/index.cfm?newsID=101993

By Matthew Broersma
Techworld
24 June 2008

The Ruby programming language, which has become popular as the basis for 
web 2.0 sites such as Twitter, contains serious security flaws that 
could allow attackers to take over an organisation's web server, 
according to the Ruby development team.

The "disturbing" flaws, which were disclosed on Friday, could affect 
nearly any typical Ruby-based web application, according to Thomas 
Ptacek, founder of security firm Matasano.

The five bugs affect Ruby version 1.8 up to 1.8.7-p21 and version 1.9 up 
to 1.9.0-1, according to the Ruby development team.

Users can remedy the problem by upgrading to a patched version of Ruby, 
developers said, with patches available on the Ruby language site [1].

[1] http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

[...]


_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com
[prev in list] [next in list] [prev in thread] [next in thread]