CVE-2009-5147 PoC — Ruby 安全漏洞

Source

https://github.com/vpereira/CVE-2009-5147

Associated Vulnerability

Title:Ruby 安全漏洞 (CVE-2009-5147)
Description:Ruby是日本软件开发者松本行弘所研发的一种跨平台、面向对象的动态类型编程语言。 Ruby中的DL::dlopen存在安全漏洞。攻击者可利用该漏洞绕过安全限制，执行未授权的操作。以下版本受到影响：Ruby 1.8版本，1.9.0版本，1.9.2版本，1.9.3版本，2.0.0版本。

Description

poc for CVE-2009-5147

Readme

CVE-2009-5147 and CVE-2015-7551 PoC

to run it:

````
make foo
export FOO=./foo.so
ruby -v foo.rb
````

with different versions of ruby you should get different results:

````
vpereira@kimura:~/poc> rvm use 2.1.7
vpereira@kimura:~/poc> ruby -v foo.rb
ruby 2.1.7p400 (2015-08-18 revision 51632) [x86_64-linux]
some trash fom your environment variables...

vpereira@kimura:~/poc> rvm use 2.3.0
vpereira@kimura:~/poc> ruby -v foo.rb
ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
CVE-2009-5147 fixed
````

The file ```foo2.rb``` is for the CVE-2015-7551

File Snapshot


 [4.0K]  /data/pocs/ecd5b8d9766200c88e4da7c9b9d484f38daa16eb
├── [ 245]  foo2.rb
├── [  66]  foo.c
├── [ 240]  foo.rb
├── [  74]  Makefile
└── [ 560]  README.md

0 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!