Farukh D.M
2013-Apr-30 09:10 UTC
How to reproduce: CVE-2013-1854 Symbol DoS vulnerability in Active Record
Hey, I need to find out the impact of vulnerability: CVE-2013-1854 Symbol DoS vulnerability in Active Record Is there a way I can test my application with DoS attack by doing some manual code or something like that. On rails console, I tried to do something like: User.where(:email => {:email => ''test''})> SELECT `users`.* FROM `users` WHERE `email`.`email` = ''test''it gave "ActiveRecord::StatementInvalid:" exception. How would requests like this lead to DoS attack. Its just like any other invalid sql. Also, How can I reproduce the vulnerability mentioned on http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/ Please help me out with the reference to example(s) causing mentioned vulnerabilities. Thanks -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/Kb2nX5NkSqwJ. For more options, visit https://groups.google.com/groups/opt_out.
Frederick Cheung
2013-Apr-30 21:33 UTC
Re: How to reproduce: CVE-2013-1854 Symbol DoS vulnerability in Active Record
On Tuesday, April 30, 2013 10:10:20 AM UTC+1, Farukh D.M wrote:> > Hey, > > I need to find out the impact of vulnerability: CVE-2013-1854 Symbol DoS > vulnerability in Active Record > > Is there a way I can test my application with DoS attack by doing some > manual code or something like that. > > On rails console, I tried to do something like: > User.where(:email => {:email => ''test''}) > > > SELECT `users`.* FROM `users` WHERE `email`.`email` = ''test'' > > it gave "ActiveRecord::StatementInvalid:" exception. > How would requests like this lead to DoS attack. Its just like any other > invalid sql. > > The vulnerability is that (depending on how you use activerecord), anattacker can cause arbitrary strings to be turned into symbols. Ruby never garbage collects symbols, so this can be used to exhaust all the memory available to your application. Fred> Also, How can I reproduce the vulnerability mentioned on > http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/ > > Please help me out with the reference to example(s) causing mentioned > vulnerabilities. > > Thanks > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/7Yhg2zp4DgAJ. For more options, visit https://groups.google.com/groups/opt_out.
Farukh D.M
2013-May-01 17:35 UTC
Re: Re: How to reproduce: CVE-2013-1854 Symbol DoS vulnerability in Active Record
Wow, that is one hell of an eye opener. Thanks very much for the reply. I appreciate very much. Regards Farukh D M On Wed, May 1, 2013 at 3:03 AM, Frederick Cheung <frederick.cheung-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > > On Tuesday, April 30, 2013 10:10:20 AM UTC+1, Farukh D.M wrote: >> >> Hey, >> >> I need to find out the impact of vulnerability: CVE-2013-1854 Symbol DoS >> vulnerability in Active Record >> >> Is there a way I can test my application with DoS attack by doing some >> manual code or something like that. >> >> On rails console, I tried to do something like: >> User.where(:email => {:email => ''test''}) >> >> > SELECT `users`.* FROM `users` WHERE `email`.`email` = ''test'' >> >> it gave "ActiveRecord::**StatementInvalid:" exception. >> How would requests like this lead to DoS attack. Its just like any other >> invalid sql. >> >> The vulnerability is that (depending on how you use activerecord), an > attacker can cause arbitrary strings to be turned into symbols. Ruby never > garbage collects symbols, so this can be used to exhaust all the memory > available to your application. > > Fred > > > >> Also, How can I reproduce the vulnerability mentioned on >> http://weblog.rubyonrails.**org/2013/3/18/SEC-ANN-Rails-3-** >> 2-13-3-1-12-and-2-3-18-have-**been-released/<http://weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/> >> >> Please help me out with the reference to example(s) causing mentioned >> vulnerabilities. >> >> Thanks >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org > To view this discussion on the web visit > https://groups.google.com/d/msg/rubyonrails-talk/-/7Yhg2zp4DgAJ. > > For more options, visit https://groups.google.com/groups/opt_out. > > >-- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit https://groups.google.com/groups/opt_out.