Ruby SSL Client Certificate Validation CVE-2013-4073 Security Bypass Vulnerability

Bugtraq ID: 60843
Class: Design Error
CVE: CVE-2013-4073
Remote: Yes
Local: No
Published: Jun 27 2013 12:00AM
Updated: Apr 13 2015 10:07PM
Credit: William (B.J.) Snow Orvis
Vulnerable: Yukihiro Matsumoto Ruby 1.9.3 dev
Yukihiro Matsumoto Ruby 1.9.2 RC2
Yukihiro Matsumoto Ruby 1.9.2 P180
Yukihiro Matsumoto Ruby 1.9.2 P136
Yukihiro Matsumoto Ruby 1.9.2 P0
Yukihiro Matsumoto Ruby 1.9.2 -rc1
Yukihiro Matsumoto Ruby 1.9.1 P431
Yukihiro Matsumoto Ruby 1.9.1 -p429
Yukihiro Matsumoto Ruby 1.9.1 -p376
Yukihiro Matsumoto Ruby 1.9.1
Yukihiro Matsumoto Ruby 1.9 -2
Yukihiro Matsumoto Ruby 1.9 -1
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7 -p72
Yukihiro Matsumoto Ruby 1.8.7 -p71
Yukihiro Matsumoto Ruby 1.8.7 -p22
Yukihiro Matsumoto Ruby 1.8.7 -p21
Yukihiro Matsumoto Ruby 1.8.7
Yukihiro Matsumoto Ruby 1.8.6 -p287
Yukihiro Matsumoto Ruby 1.8.6 -p286
Yukihiro Matsumoto Ruby 1.8.6 -p230
Yukihiro Matsumoto Ruby 1.8.6 -p229
Yukihiro Matsumoto Ruby 1.8.6 -p114
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5 -p231
Yukihiro Matsumoto Ruby 1.8.5 -p230
Yukihiro Matsumoto Ruby 1.8.5 -p2
Yukihiro Matsumoto Ruby 1.8.5 -p115
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
Yukihiro Matsumoto Ruby 1.8.1
+ Redhat Fedora Core3
+ Redhat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
Yukihiro Matsumoto Ruby 2.0.0-p195
Yukihiro Matsumoto Ruby 2.0
Yukihiro Matsumoto Ruby 1.9.3-p426
Yukihiro Matsumoto Ruby 1.9.3-p392
Yukihiro Matsumoto Ruby 1.9.3-p327
Yukihiro Matsumoto Ruby 1.9.3-p0
Yukihiro Matsumoto Ruby 1.9.2 pre3
Yukihiro Matsumoto Ruby 1.9.1-p430
Yukihiro Matsumoto Ruby 1.9.1-p378
Yukihiro Matsumoto Ruby 1.9.0-3
Yukihiro Matsumoto Ruby 1.9
Yukihiro Matsumoto Ruby 1.8.7-P357
Yukihiro Matsumoto Ruby 1.8.7-P352
Yukihiro Matsumoto Ruby 1.8.7-p334
Yukihiro Matsumoto Ruby 1.8.7-p330
Yukihiro Matsumoto Ruby 1.8.7-p302
Yukihiro Matsumoto Ruby 1.8.7-p299
Yukihiro Matsumoto Ruby 1.8.7-p249
Yukihiro Matsumoto Ruby 1.8.7-p248
Yukihiro Matsumoto Ruby 1.8.7-p173
Yukihiro Matsumoto Ruby 1.8.7-p160
Yukihiro Matsumoto Ruby 1.8.6-p420
Yukihiro Matsumoto Ruby 1.8.6-p399
Yukihiro Matsumoto Ruby 1.8.6-p388
Yukihiro Matsumoto Ruby 1.8.6-p383
Yukihiro Matsumoto Ruby 1.8.6-p369
Yukihiro Matsumoto Ruby 1.8.6-p368
Ubuntu Ubuntu Linux 13.04
Ubuntu Ubuntu Linux 12.10 i386
Ubuntu Ubuntu Linux 12.10 amd64
Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Synology Diskstation Manager 4.3-3810 1
Synology Diskstation Manager 4.3-3810
Synology Diskstation Manager 4.3
Synology Diskstation Manager 4.2-3243
Synology Diskstation Manager 4.2
Synology Diskstation Manager 4.0-2259
Synology Diskstation Manager 4.0
SuSE SUSE Linux Enterprise Software Development Kit 11 SP3
+ Linux kernel 2.6.5
SuSE SUSE Linux Enterprise Server 11 SP3 for VMware
SuSE SUSE Linux Enterprise Server 11 SP3
SuSE Suse Linux Enterprise Desktop 11 SP3
+ Linux kernel 2.6.5
S.u.S.E. openSUSE 12.3
S.u.S.E. openSUSE 12.2
Redhat OpenStack 3.0
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Workstation 5 client
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 6
Redhat Enterprise Linux Desktop 5 client
Redhat Enterprise Linux 5 Server
Puppetlabs Puppet Enterprise 2.8.2
Puppetlabs Puppet Enterprise 2.7.2
Puppetlabs Puppet Enterprise 2.7.1
Puppetlabs Puppet Enterprise 2.7
Puppetlabs Puppet Enterprise 2.5.2
Puppetlabs Puppet Enterprise 2.5.1
Puppetlabs Puppet Enterprise 2.0.3
Puppetlabs Puppet Enterprise 2.0.2
Puppetlabs Puppet Enterprise 1.2.7
Puppetlabs Puppet Enterprise 2.8.0
Puppetlabs Puppet Enterprise 2.6
Puppetlabs Puppet Enterprise 1.2
Puppetlabs Puppet Enterprise 1.1
Puppetlabs Puppet Enterprise 1.0
Puppetlabs Puppet Enterprise 2.0
PHP PHP 5.4.17
PHP PHP 5.4.4
PHP PHP 5.4.3
PHP PHP 5.4.2
PHP PHP 5.4.1
PHP PHP 5.4.5
PHP PHP 5.4.16
PHP PHP 5.4.15
PHP PHP 5.4.12
PHP PHP 5.4.11
PHP PHP 5.4.0RC2
PHP PHP 5.4.0beta2
Oracle Solaris 11
Oracle Enterprise Linux 5
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
MandrakeSoft Enterprise Server 5 x86_64
MandrakeSoft Enterprise Server 5
InterWorx InterWorx 5.0.13 build 574
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 5
Avaya Aura System Manager 6.3.2
Avaya Aura System Manager 6.3.1
Avaya Aura System Manager 6.3
Avaya Aura System Manager 6.2.3
Avaya Aura System Manager 6.2 SP3
Avaya Aura System Manager 6.2
Avaya Aura System Manager 6.1.5
Avaya Aura System Manager 6.1.3
Avaya Aura System Manager 6.1.2
Avaya Aura System Manager 6.1.1
Avaya Aura System Manager 6.1 SP2
Avaya Aura System Manager 6.1 Sp1
Avaya Aura System Manager 6.1
Apple Mac OS X 10.9.1
Apple Mac OS X 10.8.5
Apple Mac OS X 10.9
Apple Mac OS X 10.7.5
Not Vulnerable: Yukihiro Matsumoto Ruby 2.0.0-p247
Yukihiro Matsumoto Ruby 1.9.3-p448
Yukihiro Matsumoto Ruby 1.8.7-p374
Synology Diskstation Manager 4.3-3827 Update 1
Puppetlabs Puppet Enterprise 3.0.1
Puppetlabs Puppet Enterprise 2.8.3
PHP PHP 5.4.18
Oracle Solaris 11.1.11.4.0
InterWorx InterWorx 5.0.14 build 577
Apple Mac OS X 10.9.2
Apple Mac OS X 10.9


 

Privacy Statement
Copyright 2010, SecurityFocus