Sharon Machlis

Machlis Musings

Security hole uncovered in Ruby; many Rails apps likely affected

TAGS:Ruby, Ruby on Rails
IT TOPICS:Cybercrime & Hacking, Development, Security

The Ruby programming language's bigDecimal standard library has a denial-of-service vulnerability that would allow malicious hackers to successfully launch a DoS attack. The security hole allows an attack "by causing BigDecimal to parse an insanely large number, such as: BigDecimal("9E69999999").to_s("F")," according to a Web site maintained by the Ruby community.

The Rails framework's ActiveRecord standard model uses this Ruby library, "so most Rails applicaions are affected by this," the posting notes.

Ruby 1.8.6-p368 and all prior versions, as well as 1.8.7-p160 and all prior versions are affected. Users are advised to upgrade to 1.8.6-p369 or 1.8.7-p173. Ruby's 1.9.1 series is not affected by the security hole.

There is a suggested workaround for those unable to upgrade, according to an e-mail from Rails contributor and consultant Michael Koziarski.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Android Market security: An interview with Android's VP of engineering

DNA Hackers: Synthetic biology weaponized virus, zero-day exploit to infect your brain?

Think Windows is insecure? You're wrong, says security firm Kaspersky.

Why the bad guys are winning

Today's Top Stories

Essential browser tools for Web developers

Hands on: The new iPad

Microsoft cuts the prices of some Office 365 plans

Google works to overhaul its search

Mozilla will start Firefox silent updates in June

Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?

Hot Posts

Google wins again vs. Oracle: No patent probs.

Posted by IT Blogwatch |

Apple iPhone 5 -- fresh reports claim 4-inch display

Posted by Jonny Evans |

London's flying cameras spy shoelaces nearly a mile away; Will drones in the USA?

Posted by Darlene Storm |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Cybercrime and Hacking White Papers

Application Security Services - Government and Cyber Security: U.S. Public Sector Application Security Services bridge the gap between traditional application development processes and techniques, and the requisite security mechanisms needed to...
HP Cybersecurity Offerings: HP has been in the security business since our inception, providing critical security services to clients at every level of government and Fortune...
Streamline Compliance and Increase ROI: Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...

Cybercrime and Hacking Webcasts

WikiLeaks: How am I Affected?: The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Analytics Without Limits: The Latest on Oracle Exalytics In-Memory Machine and Oracle Business Intelligence: Analytics at the Speed of Thought

What if you could run financial and operational planning cycles 10 times faster? Or monitor and adjust...
EMC and VMware Solution Track: The EMC and VMware Solution Track is a single destination for the most up-to-date resources on how EMC can enhance, extend and accelerate...

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

Security hole uncovered in Ruby; many Rails apps likely affected

Related Posts

Today's Top Stories

Hot Posts

Sharon Machlis's Archive

IT Topics