
Adding CVE-2013-4562 and CVE-2013-4164 announced later November 2013

thesp0nge committed Nov 26, 2013
1 parent c65f141 commit d7441b1c4079a69950f0ed2f6104b979bbac3d2d
@@ -99,6 +99,9 @@ able to scan something. It deserves a special release.
## Version 0.80
* adding test for CVE-2013-4164
* adding test for CVE-2013-4562
* detect sinks for XSS in Padrino applications
* detect reflected XSS in Padrino applications
* detect stored XSS in Sinatra applications
@@ -0,0 +1,32 @@
module Codesake
module Dawn
module Kb
# Automatically created with rake on 2013-11-26
class CVE_2013_4164
include RubyVersionCheck
def initialize
message = "Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) are vulnerable."
super({
:name=>"CVE-2013-4164",
:cvss=>"not assigned",
:release_date => Date.new(2013, 11, 23),
:cwe=>"",
:owasp=>"A9",
:applies=>["rails", "sinatra", "padrino"],
:kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
:message=>message,
:mitigation=>"All users are recommended to upgrade to Ruby 1.9.3 patchlevel 484, ruby 2.0.0 patchlevel 353 or ruby 2.1.0 preview2.",
:aux_links=>["https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"]
})
self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p484"}, {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p353"},
{:engine=>"ruby", :version=>"2.1.0", :patchlevel=>"preview2"}]
end
end
end
end
end
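Review bot: The `:cwe=>""` entry in the `super` hash leaves the weakness class blank even though the advisory link and the message both describe a heap overflow in floating-point parsing; `:cwe=>"CWE-122",` (heap-based buffer overflow) would let consumers of the knowledge base classify the finding instead of getting an empty string. Two smaller points on the same hash: the message reads `Any program ... are vulnerable`, which should be `is vulnerable`, and `Date.new` on the `:release_date` line presumes `date` has already been required by whoever loads this file, which this hunk does not show. The `:applies` list restricts the check to three web frameworks, yet this is an interpreter bug that affects any Ruby process converting untrusted input to floats; if `applies` is used to filter which checks run, it may be worth a comment on that line stating whether a RUBY_VERSION_CHECK is meant to be framework-independent.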
@@ -0,0 +1,29 @@
module Codesake
module Dawn
module Kb
# Automatically created with rake on 2013-11-26
class CVE_2013_4562
include DependencyCheck
def initialize
message = "Because of the way that omniauth-facebook supports setting a per-request state parameter by storing it in the session, it is possible to circumvent the automatic CSRF protection. Therefore the CSRF added in 1.4.1 should be considered broken. If you are currently providing a custom state, you will need to store and retrieve this yourself (for example, by using the session store) to use 1.5.0."
super({
:name=>"CVE-2013-4562",
:cvss=>"not assigned",
:release_date => Date.new(2013, 11, 14),
:cwe=>"",
:owasp=>"A9",
:applies=>["rails", "sinatra", "padrino"],
:kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
:message=>message,
:mitigation=>"You must upgrade at least to 1.5.0 or later",
:aux_links=>["https://groups.google.com/forum/#!msg/ruby-security-ann/-tJHNlTiPh4/9SJxdEWLIawJ"]
})
self.safe_dependencies = [{:name=>"omniauth-facebook", :version=>['1.5.0']}]
end
end
end
end
end
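Review bot: `self.safe_dependencies = [{:name=>"omniauth-facebook", :version=>['1.5.0']}]` lists the single version 1.5.0, while the `:mitigation` text promises `1.5.0 or later` is safe; unless DependencyCheck (defined outside this hunk) treats a listed version as a lower bound, every later omniauth-facebook release will be reported as vulnerable, and a reader of this file cannot tell which semantics apply. A comment on that line such as `# DependencyCheck treats each listed version as the minimum safe release — confirm against the mixin` would make the intent explicit, or the bound should be expressed in whatever form the check supports. The `:cwe=>""` field is likewise blank for what the message describes as a bypass of CSRF protection; `:cwe=>"CWE-352"` is the matching weakness.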
@@ -79,7 +79,9 @@
require "codesake/dawn/kb/cve_2013_2616"
require "codesake/dawn/kb/cve_2013_2617"
require "codesake/dawn/kb/cve_2013_3221"
require "codesake/dawn/kb/cve_2013_4164"
require "codesake/dawn/kb/cve_2013_4389"
require "codesake/dawn/kb/cve_2013_4562"
module Codesake
@@ -207,7 +209,9 @@ def self.load_security_checks
Codesake::Dawn::Kb::CVE_2013_2616.new,
Codesake::Dawn::Kb::CVE_2013_2617.new,
Codesake::Dawn::Kb::CVE_2013_3221.new,
Codesake::Dawn::Kb::CVE_2013_4164.new,
Codesake::Dawn::Kb::CVE_2013_4389.new,
Codesake::Dawn::Kb::CVE_2013_4562.new,
]
end
end
@@ -371,4 +371,15 @@
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4389
end
it "must have test for CVE-2013-4164" do
sc = kb.find("CVE-2013-4164")
sc.should_not be_nil
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4164
end
it "must have test for CVE-2013-4562" do
sc = kb.find("CVE-2013-4562")
sc.should_not be_nil
sc.class.should == Codesake::Dawn::Kb::CVE_2013_4562
end
end
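Review bot: The two new examples only assert that `kb.find` returns an instance of the expected class; neither exercises the data the check relies on (`safe_rubies` for CVE-2013-4164, `safe_dependencies` for CVE-2013-4562), so a typo in a patchlevel or gem version would still pass. A follow-up example per check that feeds one known-vulnerable and one known-safe version through the check's evaluation entry point (whatever RubyVersionCheck and DependencyCheck expose, which is not visible in this hunk) would pin the detection behaviour rather than just the registration. The enclosing `describe` block starts outside the hunk.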
