製品・ソフトウェアに関する情報

JVN脆弱性詳細

Ruby on Rails におけるデータベースのクエリ制限を回避される脆弱性

Title	Ruby on Rails におけるデータベースのクエリ制限を回避される脆弱性
Summary	Ruby on Rails は、Active Record コンポーネントと JSON の実装におけるパラメータ処理の違いを適切に配慮しないため、データベースのクエリ制限を回避され、NULL チェックを実行される、または WHERE 句の削除を誘発される脆弱性が存在します。本問題は、CVE-2012-2660 および CVE-2012-2694 と関連する問題です。
Possible impacts	第三者により、巧妙に細工されたリクエストを介して、データベースのクエリ制限を回避され、NULL チェックを実行される、または WHERE 句の削除を誘発される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 8, 2013, midnight
Registration Date	Jan. 15, 2013, 2:43 p.m.
Last Update	June 7, 2013, 11:58 a.m.

CVSS2.0 : 警告
Score	6.4
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:N

Affected System

アップル

Apple Mac OS X 10.6.8

Apple Mac OS X Server 10.6.8

Ruby on Rails project

Rails 3.0.19 未満の 3.0.x

Rails 3.1.10 未満の 3.1.x

Rails 3.2.11 未満の 3.2.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-0155	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
National Vulnerability Database (NVD)
2	CVE-2013-0155	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0155

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Apple Mailing Lists
1	APPLE-SA-2013-06-04-1	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
Apple Security Updates
2	HT5784	http://support.apple.com/kb/HT5784
Apple セキュリティアップデート
3	HT5784	http://support.apple.com/kb/HT5784?viewlocale=ja_JP
Debian Security Advisory
4	DSA-2609	http://www.debian.org/security/2013/dsa-2609
Google Groups
5	Unsafe Query Generation Risk in Ruby on Rails (CVE-2013-0155)	https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain
Rails weblog
6	[SEC][ANN] Rails 3.2.11, 3.1.10, 3.0.19, and 2.3.15 have been released!	http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
Red Hat Security Advisory
7	RHSA-2013:0154	http://rhn.redhat.com/errata/RHSA-2013-0154.html
8	RHSA-2013:0155	http://rhn.redhat.com/errata/RHSA-2013-0155.html

その他

No	Name	URL
CERT Advisory
1	ICSA-13-036-01A	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A
JVN
2	JVNVU#92046435	http://jvn.jp/cert/JVNVU92046435/index.html

Change Log

No	Changed Details	Date of change
0	[2013年01月15日] 掲載 [2013年02月05日] CVSS による深刻度：基本値と機密性への影響、完全性への影響、可用性への影響を変更 [2013年02月20日] ベンダ情報：Debian (DSA-2609) を追加ベンダ情報：レッドハット (RHSA-2013:0154) を追加ベンダ情報：レッドハット (RHSA-2013:0155) を追加 [2013年05月22日] CWE による脆弱性タイプ一覧：CWE-ID を変更 [2013年06月07日] 影響を受けるシステム：アップル (HT5784) の情報を追加ベンダ情報：アップル (HT5784) を追加ベンダ情報：アップル (APPLE-SA-2013-06-04-1) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-0155

Summary	Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.
Publication Date	Jan. 14, 2013, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:32 p.m.
Last Update	Nov. 21, 2024, 10:46 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:rubyonrails:ruby_on_rails::::::::	3.0.0			3.0.19
cpe:2.3:a:rubyonrails:ruby_on_rails::::::::	3.1.0			3.1.10
cpe:2.3:a:rubyonrails:rails::::::::	3.2.0			3.2.11

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A	Third Party Advisory US Government Resource
2	http://ics-cert.us-cert.gov/advisories/ICSA-13-036-01A	Third Party Advisory US Government Resource
3	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Mailing List Third Party Advisory
4	http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-updates/2013-12/msg00079.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-updates/2013-12/msg00081.html	Mailing List Third Party Advisory
9	http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html	Mailing List Third Party Advisory
10	http://lists.opensuse.org/opensuse-updates/2013-12/msg00082.html	Mailing List Third Party Advisory
11	http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html	Mailing List Third Party Advisory
12	http://lists.opensuse.org/opensuse-updates/2014-01/msg00003.html	Mailing List Third Party Advisory
13	http://rhn.redhat.com/errata/RHSA-2013-0154.html	Third Party Advisory
14	http://rhn.redhat.com/errata/RHSA-2013-0154.html	Third Party Advisory
15	http://rhn.redhat.com/errata/RHSA-2013-0155.html	Third Party Advisory
16	http://rhn.redhat.com/errata/RHSA-2013-0155.html	Third Party Advisory
17	http://support.apple.com/kb/HT5784	Third Party Advisory
18	http://support.apple.com/kb/HT5784	Third Party Advisory
19	http://www.debian.org/security/2013/dsa-2609	Third Party Advisory
20	http://www.debian.org/security/2013/dsa-2609	Third Party Advisory
21	https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain	Third Party Advisory
22	https://groups.google.com/group/rubyonrails-security/msg/bc6f13dafe130ee9?dmode=source&output=gplain	Third Party Advisory
23	https://puppet.com/security/cve/cve-2013-0155	Third Party Advisory
24	https://puppet.com/security/cve/cve-2013-0155	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html