XSS vulnerability on Simple Form

There is a XSS vulnerability on Simple Form’s label, hint and error options. Fixed versions: 3.0.1, 2.1.1

CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL

December 16, 2015

There is an unsafe tainted string usage vulnerability in Fiddle and DL. This vulnerability has been assigned the CVE identifier CVE-2015-7551.

Details

There is an unsafe tainted string vulnerability in Fiddle and DL. This issue was originally reported and fixed with CVE-2009-5147 in DL, but reappeared after DL was reimplemented using Fiddle and libffi.

And, about DL, CVE-2009-5147 was fixed at Ruby 1.9.1, but not fixed at other branches, then rubies which bundled DL except Ruby 1.9.1 are still vulnerable.

Impacted code looks something like this:

handle = Fiddle::Handle.new(dangerous_user_input)

Or:

handle = Fiddle::Handle.new(some_library)
function_pointer = handle[dangerous_user_input]

All users running an affected release should either upgrade or use one of the workarounds immediately.

Affected Versions

All patch releases of Ruby 1.9.2 and Ruby 1.9.3 (DL and Fiddle).
All patch releases of Ruby 2.0.0 prior to Ruby 2.0.0 patchlevel 648 (DL and Fiddle).
All versions of Ruby 2.1 prior to Ruby 2.1.8 (DL and Fiddle).
All versions of Ruby 2.2 prior to Ruby 2.2.4 (Fiddle).
Ruby 2.3.0 preview 1 and preview 2 (Fiddle).
prior to trunk revision 53153 (Fiddle).

Workarounds

If you cannot upgrade, the following monkey patch can be applied as a workaround for Fiddle:

class Fiddle::Handle
  alias :old_initialize :initialize

  def initialize file, *args
    raise SecurityError if file.tainted? && $SAFE > 0
    old_initialize file, *args
  end

  alias :sym :[]
  alias :old_call :[]

  def [] fun
    raise SecurityError if fun.tainted? && $SAFE > 0
    old_call fun
  end
end

If you are using DL, use Fiddle instead of it.

Credits

Thanks to Christian Hofstaedtler zeha@debian.org for reporting this issue!

History

Originally published at 2015-12-16 12:00:00 UTC

Posted by usa on 16 Dec 2015

[…]

Create Vanity nameserver with digital ocean and namecheap

September 3, 2014

A vanity nameserver is a name server that is branded to a website of your choice, instead of our public name servers. This can make your site appear more professional, by masking the fact you're using our name servers.

Setting up vanity name servers on shared hosting, would be much different than running your own custom name servers on either a VPS or dedicated server. As these run completely separate from our public name servers.

With vanity name servers you are just hiding or masking the hostname of our public name servers, but the IP addresses and the physical servers handling your website's DNS requests would still be our public name servers.

Create Vanity nameserver with digital ocean and namecheap

create droplet in digitalocean with hostname your domain

add domain to your droplet

create A records with your domain nameserver as hostname (dont forget to end the hostname with a period) and for ip address use digitalocean nameserver ip address.
For nameserver it can be ns1.yourdomain.com or a.ns.yourdomain.com. I use the ns1 one.

change your ns records with your vanity nameserver that has been made

Dns record will be look like:

The blue censored content is your droplet IP

The red censored content is your domain

create your glue records, it will depending where you buy a domain, for example I buy a domain in namecheap.

Go to “Manage Domains” and choose your domain. In the left sidebar look in to “advance options” and choose “Nameserver Registrations”

fill the ip address with digitalocean nameserver ip addresses

go to “transfer dns to webhost” in the left sidebar and fill dns server with your vanity nameserver.

Credits To : Muhammad Bayu

[…]

The Ruby Rails Aggregator