UBUNTU-CVE-2013-0263

Source
https://ubuntu.com/security/CVE-2013-0263
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2013/UBUNTU-CVE-2013-0263.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2013-0263
Related
Published
2013-02-08T20:55:00Z
Modified
2013-02-08T20:55:00Z
Summary
[none]
Details

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.

References

Affected packages

Ubuntu:14.04:LTS / ruby-rack

Package

Name
ruby-rack
Purl
pkg:deb/ubuntu/ruby-rack?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.5.2-1",
            "binary_name": "librack-ruby"
        },
        {
            "binary_version": "1.5.2-1",
            "binary_name": "librack-ruby1.8"
        },
        {
            "binary_version": "1.5.2-1",
            "binary_name": "librack-ruby1.9.1"
        },
        {
            "binary_version": "1.5.2-1",
            "binary_name": "ruby-rack"
        }
    ]
}