

New code execution security vulnerabilities discovered in Ruby 1.8/1.9 - tptacek
http://www.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities/

======
tptacek
Drew Yao at Apple found these. They're bad. Array and String both have integer
handling problems; here are some fun diffs:

[http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/array.c?r1...](http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/array.c?r1=17101&r2=17460)

[http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/string.c?r...](http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/string.c?r1=17472&r2=17447)

We'll write up more on them later, right now just trying to nail down some
exploits.

You're going to want to update soon.

~~~
tptacek
... for starters --- x = ("A" * (2 ** 16)); while 1; s << s; puts s.size; end

Boom.
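Added example, not part of the thread and not Ruby's source or the actual patch: a C sketch of the defensive check for a self-doubling append like `s << s`, assuming the integer handling problem is a length sum that wraps when the buffer grows. The names `sbuf`, `sbuf_needed` and `sbuf_append` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string buffer (an assumption, not Ruby's RString). */
typedef struct { char *ptr; size_t len; size_t capa; } sbuf;

/* Store len + add + 1 (room for NUL) in *need; return -1 if the sum would wrap. */
int sbuf_needed(size_t len, size_t add, size_t *need) {
    if (add > SIZE_MAX - 1 || len > SIZE_MAX - 1 - add)
        return -1;                      /* refuse instead of wrapping to a small size */
    *need = len + add + 1;
    return 0;
}

/* Append add bytes from src. Returns 0 on success, -1 on overflow or failed
 * allocation. Handles src == s->ptr (self-append), where realloc may move src. */
int sbuf_append(sbuf *s, const char *src, size_t add) {
    size_t need, capa;
    int self = (src == s->ptr);

    if (sbuf_needed(s->len, add, &need) != 0)
        return -1;
    if (need > s->capa) {
        capa = s->capa ? s->capa : 16;
        while (capa < need) {
            if (capa > SIZE_MAX / 2) { capa = need; break; } /* doubling would wrap */
            capa *= 2;
        }
        char *p = realloc(s->ptr, capa);
        if (p == NULL)
            return -1;                  /* old buffer is still valid and unchanged */
        s->ptr = p;
        s->capa = capa;
        if (self)
            src = s->ptr;               /* re-point at the possibly moved buffer */
    }
    memcpy(s->ptr + s->len, src, add);
    s->len += add;
    s->ptr[s->len] = '\0';
    return 0;
}
```

Without the check in `sbuf_needed`, a length near `SIZE_MAX` plus a small addend wraps to a tiny allocation size while the copy still uses the full length.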

