* Added a check for CVE-2014-0082

thesp0nge · Feb 21, 2014 · e7ded94 · e7ded94
1 parent d4ad091
commit e7ded94
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 2 deletions.
diff --git a/Changelog.md b/Changelog.md
@@ -11,6 +11,7 @@ _latest update: Fri Jan 24 07:57:58 CET 2014_
 
 * Added a check for CVE-2014-0080
 * Added a check for CVE-2014-0081
+* Added a check for CVE-2014-0082
 * Added a --ascii-tabular-report (-a) to produce a report formatted with ascii
   tables. A bit of bin/dawn refactoring was necessary.
 * Added a --json (-j) to produce JSON reports

diff --git a/lib/codesake/dawn/kb/cve_2014_0081.rb b/lib/codesake/dawn/kb/cve_2014_0081.rb
@@ -20,7 +20,7 @@ def initialize
             :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/tfp6gZCtzr4/j8LUHmu7fIEJ"]
            })
 
-           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '4.0.3', '4.1.0.beta2']}]
+           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '4.0.3', '4.1.0.beta2', '3.1.99999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
 				end
 			end
 		end

diff --git a/lib/codesake/dawn/kb/cve_2014_0082.rb b/lib/codesake/dawn/kb/cve_2014_0082.rb
@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2014-02-21
+			class CVE_2014_0082
+				include DependencyCheck
+
+				def initialize
+          message = "actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers."
+
+           super({
+            :name=>"CVE-2014-0082",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            :release_date => Date.new(2014, 2, 20),
+            :cwe=>"20",
+            :owasp=>"A9", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 3.2.17. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/LMxO_3_eCuc/ozGBEhKaJbIJ"]
+           })
+
+           self.safe_dependencies = [{:name=>"rails", :version=>['3.2.17', '3.1.9999', '3.0.99999', '2.99999.99999', '1.99999.99999']}]
+				end
+			end
+		end
+	end
+end
diff --git a/lib/codesake/dawn/knowledge_base.rb b/lib/codesake/dawn/knowledge_base.rb
@@ -198,6 +198,7 @@
 
 require "codesake/dawn/kb/cve_2014_0080"
 require "codesake/dawn/kb/cve_2014_0081"
+require "codesake/dawn/kb/cve_2014_0082"
 
 module Codesake
   module Dawn
@@ -409,6 +410,7 @@ def self.load_security_checks
           Codesake::Dawn::Kb::CVE_2013_7086.new, 
           Codesake::Dawn::Kb::CVE_2014_0080.new, 
           Codesake::Dawn::Kb::CVE_2014_0081.new, 
+          Codesake::Dawn::Kb::CVE_2014_0082.new, 
 
         ]
       end

diff --git a/spec/lib/dawn/codesake_knowledgebase_spec.rb b/spec/lib/dawn/codesake_knowledgebase_spec.rb
@@ -780,5 +780,9 @@
       sc.should_not   be_nil
         sc.class.should == Codesake::Dawn::Kb::CVE_2014_0081
 end
-
+it "must have test for CVE-2014-0082" do
+    sc = kb.find("CVE-2014-0082")
+      sc.should_not   be_nil
+        sc.class.should == Codesake::Dawn::Kb::CVE_2014_0082
+end
 end
diff --git a/spec/lib/kb/cve_2014_0082_spec.rb b/spec/lib/kb/cve_2014_0082_spec.rb
@@ -0,0 +1,53 @@
+require 'spec_helper'
+describe "The CVE-2014-0082 vulnerability" do
+	before(:all) do
+		@check = Codesake::Dawn::Kb::CVE_2014_0082.new
+		# @check.debug = true
+	end
+  it "affects version 3.0.x" do
+    require 'securerandom'
+    rand = SecureRandom.random_number(9999)
+    version = "3.0.#{rand}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 2.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "2.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "affects version 1.x.y" do
+    require 'securerandom'
+    rand_min = SecureRandom.random_number(9999)
+    rand_patch = SecureRandom.random_number(9999)
+    version = "1.#{rand_min}.#{rand_patch}"
+
+    @check.dependencies = [{:name=>"rails", :version=>version}]
+    @check.vuln?.should be_true
+  end
+  it "doesn't affect version 4.0.2" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.2'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.1" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.1'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.0" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.0'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 4.0.3" do 
+    @check.dependencies = [{:name=>"rails", :version=>'4.0.3'}]
+    @check.vuln?.should be_false
+  end
+  it "doesn't affect version 3.2.17" do 
+    @check.dependencies = [{:name=>"rails", :version=>'3.2.17'}]
+    @check.vuln?.should be_false
+  end
+end