CVE-2008-4094

Description

Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

Affected products

• rubyonrails / rails0.9.1 – 0.9.1
• rubyonrails / rails0.9.2 – 0.9.2
• rubyonrails / rails0.9.3 – 0.9.3
• rubyonrails / rails0.9.4 – 0.9.4
• rubyonrails / rails0.9.4.1 – 0.9.4.1
• rubyonrails / rails0.10.0 – 0.10.0
• rubyonrails / rails0.10.1 – 0.10.1
• rubyonrails / rails0.11.0 – 0.11.0
• rubyonrails / rails0.11.1 – 0.11.1
• rubyonrails / rails0.12.0 – 0.12.0
• rubyonrails / rails0.12.1 – 0.12.1
• rubyonrails / rails0.13.0 – 0.13.0
• rubyonrails / rails0.13.1 – 0.13.1
• rubyonrails / rails0.14.1 – 0.14.1
• rubyonrails / rails0.14.2 – 0.14.2
• rubyonrails / rails0.14.3 – 0.14.3
• rubyonrails / rails0.14.4 – 0.14.4
• rubyonrails / rails1.0.0 – 1.0.0
• rubyonrails / rails1.1.0 – 1.1.0
• rubyonrails / rails1.1.1 – 1.1.1
• rubyonrails / rails1.1.2 – 1.1.2
• rubyonrails / rails1.1.3 – 1.1.3
• rubyonrails / rails1.1.4 – 1.1.4
• rubyonrails / rails1.1.5 – 1.1.5
• rubyonrails / rails1.1.6 – 1.1.6
• rubyonrails / rails1.2.0 – 1.2.0
• rubyonrails / rails1.2.1 – 1.2.1
• rubyonrails / rails1.2.2 – 1.2.2
• rubyonrails / rails1.2.3 – 1.2.3
• rubyonrails / rails1.2.4 – 1.2.4
• rubyonrails / rails1.2.5 – 1.2.5
• rubyonrails / rails1.2.6 – 1.2.6
• rubyonrails / rails1.9.5 – 1.9.5
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.0 – 2.0.0
• rubyonrails / rails2.0.1 – 2.0.1
• rubyonrails / rails2.0.2 – 2.0.2
• rubyonrails / rails2.0.4 – 2.0.4
• rubyonrails / rails2.1.0 – 2.1.0
• rubyonrails / ruby_on_rails2.1.0
• rubyonrails / ruby_on_rails0.5.0 – 0.5.0
• rubyonrails / ruby_on_rails0.5.5 – 0.5.5
• rubyonrails / ruby_on_rails0.5.6 – 0.5.6
• rubyonrails / ruby_on_rails0.5.7 – 0.5.7
• rubyonrails / ruby_on_rails0.6.0 – 0.6.0
• rubyonrails / ruby_on_rails0.6.5 – 0.6.5
• rubyonrails / ruby_on_rails0.7.0 – 0.7.0
• rubyonrails / ruby_on_rails0.8.0 – 0.8.0
• rubyonrails / ruby_on_rails0.8.5 – 0.8.5
• rubyonrails / ruby_on_rails0.9.0 – 0.9.0

References

• MISChttp://gist.github.com/8946
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/45109
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2008/09/13/2
• MISChttp://rails.lighthouseapp.com/projects/8994/tickets/964
• MISChttp://rails.lighthouseapp.com/projects/8994/tickets/288
• VENDOR_ADVISORYhttp://secunia.com/advisories/31875
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/31910
• MISChttp://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
• MISChttp://www.securitytracker.com/id?1020871
• MISChttp://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2008/09/16/1
• MISChttp://www.securityfocus.com/bid/31176
• VENDOR_ADVISORYhttp://secunia.com/advisories/31909
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/2562