Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2013-0263
Last Modified 18 Nov 2013 11:44:17
Published 08 Feb 2013 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2013-0263

Summary

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.
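The defect class named in the summary is a signature check that stops at the first differing byte, so the time the server takes to reject a forged cookie depends on how many leading bytes of the attacker's guess were right. The following is an added illustration, not Rack's own code or the fix from the referenced commits: it puts a variable-time check (plain `String#==`) next to a constant-time comparison that does the same amount of work regardless of where the inputs differ, and applies it to a `payload--hmac` cookie layout (the layout and secret are assumptions of this example).

```ruby
require 'openssl'

# Added example, not code from Rack. Illustrates the defect class behind
# CVE-2013-0263: comparing a received HMAC with String#== returns as soon as
# a byte differs, so the response time leaks how many leading bytes matched.

SECRET = 'constructed-example-secret'.freeze # placeholder, not a real key

def sign(data)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), SECRET, data)
end

# Variable-time check: String#== stops at the first mismatching byte.
def valid_signature_variable_time?(data, presented_hmac)
  sign(data) == presented_hmac
end

# Constant-time check: XOR every byte pair and OR the results together, so the
# work done does not depend on where (or whether) the two strings differ.
# Length is compared first; the digest length is public, so that leaks nothing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  left = a.unpack('C*')
  acc = 0
  b.each_byte { |byte| acc |= byte ^ left.shift }
  acc.zero?
end

def valid_signature_constant_time?(data, presented_hmac)
  secure_compare(sign(data), presented_hmac)
end

# Parse a "payload--hmac" cookie value (assumed layout for this example) and
# verify it with the constant-time comparison. Returns the payload, or nil
# when the cookie is malformed or the signature does not match.
def verify_cookie(cookie)
  data, digest = cookie.split('--', 2)
  return nil if data.nil? || digest.nil?

  valid_signature_constant_time?(data, digest) ? data : nil
end

if __FILE__ == $PROGRAM_NAME
  payload = 'constructed-session-data'
  cookie = "#{payload}--#{sign(payload)}"
  puts "valid cookie   -> #{verify_cookie(cookie).inspect}"
  puts "forged cookie  -> #{verify_cookie("#{payload}--00ff").inspect}"
end
```

Both checks return the same boolean for any input; only their timing profile differs, which is why this bug is invisible to functional tests and has to be caught by review or by a library-provided constant-time compare.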

Vulnerable Systems

Application

  • Rack Project Rack 1.1.0

  • Rack Project Rack 1.1.4

  • Rack Project Rack 1.1.5

  • Rack Project Rack 1.1.6

  • Rack Project Rack 1.2.0

  • Rack Project Rack 1.2.1

  • Rack Project Rack 1.2.2

  • Rack Project Rack 1.2.3

  • Rack Project Rack 1.2.4

  • Rack Project Rack 1.2.6

  • Rack Project Rack 1.2.7

  • Rack Project Rack 1.3.0

  • Rack Project Rack 1.3.1

  • Rack Project Rack 1.3.2

  • Rack Project Rack 1.3.3

  • Rack Project Rack 1.3.4

  • Rack Project Rack 1.3.5

  • Rack Project Rack 1.3.6

  • Rack Project Rack 1.3.7

  • Rack Project Rack 1.3.8

  • Rack Project Rack 1.3.9

  • Rack Project Rack 1.4.0

  • Rack Project Rack 1.4.1

  • Rack Project Rack 1.4.2

  • Rack Project Rack 1.4.3

  • Rack Project Rack 1.4.4

  • Rack Project Rack 1.5.0

  • Rack Project Rack 1.5.1


References

MISC - https://twitter.com/coda/statuses/299732877745197056

CONFIRM - https://groups.google.com/forum/#!msg/rack-devel/RnQxm6i13C4/xfakH81yWvgJ

CONFIRM - https://groups.google.com/forum/#!msg/rack-devel/mZsuRonD7G8/DpZIOmMLbOgJ

CONFIRM - https://groups.google.com/forum/#!msg/rack-devel/hz-liLb9fKE/8jvVWU6xYiYJ

CONFIRM - https://groups.google.com/forum/#!msg/rack-devel/bf937jPZxJM/1s6x95vIhmAJ

CONFIRM - https://groups.google.com/d/msg/rack-devel/xKrHVWeNvDM/4ZGA576CnK4J

CONFIRM - https://github.com/rack/rack/commit/9a81b961457805f6d1a5c275d053068440421e11

CONFIRM - https://github.com/rack/rack/commit/0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07

MISC - https://gist.github.com/codahale/f9f3781f7b54985bee94

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=909071

OSVDB - 89939

SECUNIA - 52134

SECUNIA - 52033

CONFIRM - http://rack.github.com/

SECUNIA - 52774

REDHAT - RHSA-2013:0686

SUSE - openSUSE-SU-2013:0462

DEBIAN - DSA-2783


Last Updated: 27 May 2016 11:01:50