Impact: this regression breaks (at least) the metasploit framework. It appears that short-named constants are not generally in wide-spread use (based on community feedback and lack of other bug reports)
Development release: applied the exact patch to 9.04 in 1.8.7.72-1ubuntu1. This is from http://svn.ruby-lang.org/cgi- bin/viewvc.cgi?view=rev&revision=18485, and is already in upstream's stable snapshot. Debdiff for the upload is attached. TEST CASE (from HD Moore): The example below assumes you have a Windows server somewhere with port 135 open: $ svn co http://metasploit.com/svn/framework3/trunk/ msf3 $ ruby msf3/msfcli exploit/windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=10.10.10.250 E (change 10.10.10.250 to a machine with DCOM open, patch level does not matter) [*] Started bind handler [*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal... [*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:[EMAIL PROTECTED]:10.10.10.250[135] ... [*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:[EMAIL PROTECTED]:10.10.10.250[135] ... [-] Exploit failed: uninitialized constant Msf::ModuleSet::NDR A working/patched version of Ruby will not trigger that "uninitialized constant" error. Regression potential: appears low due to the perceived infrequency of using short-named constants ** Attachment added: "ruby1.8_1.8.7.72-1ubuntu0.1.debdiff" http://launchpadlibrarian.net/19817662/ruby1.8_1.8.7.72-1ubuntu0.1.debdiff ** Changed in: ruby1.8 (Ubuntu Intrepid) Status: Confirmed => In Progress -- Ruby 1.8 package breaks the Metasploit Framework (short-named constants) https://bugs.launchpad.net/bugs/282302 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
