OSVDB ID: 39866

Title: Mongrel DirHandler (lib/mongrel/handlers.rb) Encoded Traversal Arbitrary File Access

Info

Disclosure

Dec 28, 2007

Discovery

Unknown

Dates

Exploit

Dec 28, 2007

Solution

Dec 29, 2007

Description

Mongrel contains a flaw that allows a remote attacker to browse outside of the web path. The issue is due to Mongrel not properly sanitizing user input, specifically encoded directory traversal style attacks (/.%252e/.%252e/).

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.0.5, 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mongrel	Mongrel	1.1.1
		1.1
		1.0.4
		1.1.2
		1.0.1

References

CVE ID: 2007-6612 (see also: NVD)
Bugtraq ID: 27133
Secunia Advisory ID: 28323 30430
Vendor Specific News/Changelog Entry: http://mongrel.rubyforge.org/changeset/932
http://mongrel.rubyforge.org/news.html
Other Advisory URL: http://rubyforge.org/pipermail/mongrel-users/2007-December/004733.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004736.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004742.html
http://rubyforge.org/pipermail/mongrel-users/2007-December/004743.html
Vendor Specific Advisory URL: http://support.apple.com/kb/HT1897

Credit

Eric Mason -

Direct URL: http://osvdb.org/39866