FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- Unintentional file creation caused by inserting an illegal NUL character

Affected packages
1.9.3,1 < ruby < 1.9.3.286,1

Details

VuXML ID 3decc87d-2498-11e2-b0c7-000d601460a4
Discovery 2012-10-12
Entry 2012-11-01

The official ruby site reports:

A vulnerability was found that file creation routines can create unintended files by strategically inserting NUL(s) in file paths. This vulnerability has been reported as CVE-2012-4522.

Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the other hand OSes and other libraries tend not. They usually treat a NUL as an End of String mark. So to interface them with Ruby, NUL chars should properly be avoided.

However, methods like IO#open did not check the filename passed to them, and just passed those strings to lower layer routines. This led to the creation of unintentional files.
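
The mismatch described above, shown as an added example (not code from the advisory or from the Ruby project): the helper names and the sample paths are constructed for illustration. It models what a NUL-terminated C routine receives, rejects such paths before they reach a file call, and probes whether the running interpreter refuses them itself.

```ruby
# Constructed sample input (not taken from the advisory).
SAMPLE = ["logs/app.log", "logs/app\0.log", "out.txt\0.tmp"].freeze

# Model of what a NUL-terminated C API receives from Ruby:
# only the bytes before the first NUL.
def c_visible_path(path)
  nul = path.index("\0")
  nul ? path[0...nul] : path
end

# Defensive check to run before a path reaches any file-creation call.
def checked_path(path)
  if path.include?("\0")
    raise ArgumentError, "path contains NUL byte: #{path.inspect}"
  end
  path
end

# Audit helper: for each requested path containing a NUL, report the name
# the OS layer would actually have used.
def nul_mismatches(paths)
  paths.select { |p| p.include?("\0") }
       .map { |p| [p, c_visible_path(p)] }
       .to_h
end

# Probe the running interpreter. Read mode is used so that nothing is
# created even if the interpreter does not perform the check.
def runtime_rejects_nul?
  File.open("nul-probe\0x", "r") { }
  false
rescue ArgumentError
  true   # the interpreter validated the path itself
rescue SystemCallError
  false  # the truncated name reached the OS
end

if __FILE__ == $PROGRAM_NAME
  nul_mismatches(SAMPLE).each do |asked, used|
    puts "#{asked.inspect} -> OS sees #{used.inspect}"
  end
  puts "interpreter rejects NUL in paths: #{runtime_rejects_nul?}"
end
```
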

References

CVE Name CVE-2012-4522
URL http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/
URL https://access.redhat.com/security/cve/CVE-2012-4522/