Site Sponsor:

mcafee_logo.gif
line

Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

« Database Security and Inference | Main | One Approach to Database Security: Stick Head in Sand, Ignore Patches »

Multiple Ruby Vulnerabilities Serious Concern for Developers

The scripting language Ruby has been quite popular among database application developers since Ruby on Rails came out and alleviated a lot of the drudgery of db application development. A recent announcement about multiple vulnerabilities that can be exploited for denial of service attacks or arbitrary code execution is leaving developers scrambling to patch but there are questions about the patches.

There has been some question on the Ruby Formum about the fixes with at least one poster finding a test suite fails after applying a segment fault patch to version 1.8.6-p230, others indicate the patch is working.

The vulnerabilities were discovered by Drew Yao from Apple Product Security. Patches are available at here. There is more discussion on this at Matasano Chargen.

Tags:            
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Dan Sullivan on June 24, 2008 8:35 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-websecurity.com/type/mt-tb.cgi/768

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Latest White Papers

line

Blog Roll

line

Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net