Multiple Ruby security vulnerabilities (rubyonrails.com)
17 points by brett on June 21, 2008 | 9 comments


tptacek's blog has some good info on this:

http://www.matasano.com/log/1070/updates-on-drew-yaos-terrib...


Both String and Array have integer overflows. If an attacker can control the size of a string or the index to a string or an array, they can control the address in native memory where Ruby will write data.

The details of these vulnerabilities are not under wraps; they were fixed in commits labelled with their CVE numbers.


Here's a fix for etch, since the security team hasn't released an advisory yet:

http://dfranke.us/rubyfix.txt


    a = Array.new
    a[0x7fffffff] = 55
    (irb):14: [BUG] Segmentation fault

Presumably this is one of the attack vectors that was fixed.


I'm getting a different error with x86_64, but probably not protected against other bugs:

    (irb):3:in `[]=': failed to allocate memory (NoMemoryError)
        from (irb):3:in `irb_binding'
        from /usr/lib/ruby/1.8/irb/workspace.rb:52:in `irb_binding'
        from /usr/lib/ruby/1.8/irb/workspace.rb:52


sizeof(long) is different for you, and fixnum is 63(?) bits. Try 0x7fffffffffffffff.
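An added example, not part of any comment in this thread and not Ruby's source: a constructed C model of the index-to-byte-count arithmetic discussed above. It shows why 0x7fffffff wraps when long is 32 bits but only requests a huge allocation when long is 64 bits, next to a bounds-checked version. The 4- and 8-byte slot sizes and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Ruby's source. Slot size is assumed equal to
 * sizeof(long): 4 bytes on a 32-bit build, 8 bytes on x86_64. */

/* Unchecked 32-bit sizing: (idx + 1) * 4, wrapping like a 32-bit long.
 * Unsigned arithmetic keeps the wraparound well-defined in C. */
uint32_t bytes_unchecked32(uint32_t idx) {
    return (uint32_t)((idx + 1u) * 4u);
}

/* The same arithmetic with a 64-bit long and 8-byte slots. */
uint64_t bytes_unchecked64(uint64_t idx) {
    return (idx + 1u) * 8u;
}

/* Checked sizing: reject any index whose byte count cannot be represented.
 * Returns 0 and stores the size on success, -1 when the store must fail. */
int bytes_checked32(uint32_t idx, uint32_t *out) {
    if (idx >= UINT32_MAX / 4u) return -1;   /* (idx + 1) * 4 would wrap */
    *out = (idx + 1u) * 4u;
    return 0;
}

int bytes_checked64(uint64_t idx, uint64_t *out) {
    if (idx >= UINT64_MAX / 8u) return -1;   /* (idx + 1) * 8 would wrap */
    *out = (idx + 1u) * 8u;
    return 0;
}

int main(void) {
    uint32_t s32 = 0;
    uint64_t s64 = 0;
    /* 32-bit: the size wraps to 0 bytes, far too small to hold slot idx. */
    printf("32-bit unchecked, idx 0x7fffffff: %u bytes\n",
           (unsigned)bytes_unchecked32(0x7fffffffu));
    /* 64-bit: no wrap, just a 16 GiB request the allocator can refuse. */
    printf("64-bit unchecked, idx 0x7fffffff: %llu bytes\n",
           (unsigned long long)bytes_unchecked64(0x7fffffffULL));
    /* 64-bit wraps only once the index approaches the width of long. */
    printf("64-bit unchecked, idx 0x7fffffffffffffff: %llu bytes\n",
           (unsigned long long)bytes_unchecked64(0x7fffffffffffffffULL));
    printf("32-bit checked: %d\n", bytes_checked32(0x7fffffffu, &s32));
    printf("64-bit checked: %d\n", bytes_checked64(0x7fffffffffffffffULL, &s64));
    return 0;
}
```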


Yes, it was. Go look what happens in gdb when you do that.


Anyone successfully running the patched version w/o segfaults?


Looks like this is a common prob... I guess I need to migrate to jruby sooner than I thought



