Executive Summary
Summary | |
---|---|
Title | ruby security update |
Information | | | |
---|---|---|---|
Name | RHSA-2008:0897 | First vendor Publication | 2008-10-21 |
Vendor | RedHat | Last vendor Modification | 2008-10-21 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Problem Description: Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

- Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
- Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
- Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
- Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
- Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- RHEL Desktop Workstation (v. 5 client) - i386, x86_64
- Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

Ruby is an interpreted scripting language for quick and easy object-oriented programming.

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)

Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents containing large, recursively nested XML entity definitions. A specially-crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory. (CVE-2008-3790)

An insufficient "taintness" check flaw was discovered in Ruby's DL module, which provides direct access to C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with arguments taken from untrusted, tainted input. (CVE-2008-3657)

A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially-crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656)

A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that bypasses certain safe-level restrictions. (CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite loop and crash. (CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

- 458948 - CVE-2008-3655 ruby: multiple insufficient safe mode restrictions
- 458953 - CVE-2008-3656 ruby: WEBrick DoS vulnerability (CPU consumption)
- 458966 - CVE-2008-3657 ruby: missing "taintness" checks in dl module
- 459266 - CVE-2008-3443 ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
- 460134 - CVE-2008-3790 ruby: DoS vulnerability in the REXML module
- 461495 - CVE-2008-3905 ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-0897.html
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-399 | Resource Management Errors |
29 % | CWE-20 | Improper Input Validation |
14 % | CWE-287 | Improper Authentication |
14 % | CWE-264 | Permissions, Privileges, and Access Controls |
14 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10034

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:10034 |
Title | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. |
Description | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3905 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:10393

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:10393 |
Title | The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." |
Description | The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion." |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3790 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:10937

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:10937 |
Title | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
Description | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-1145 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:11602

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:11602 |
Title | Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. |
Description | Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3655 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:17113

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:17113 |
Title | USN-691-1 -- ruby1.9 vulnerability |
Description | Laurent Gaffie discovered that Ruby did not properly check for memory allocation failures. |
Family | unix |
Class | patch |
Reference(s) | USN-691-1, CVE-2008-3443, CVE-2008-3790 |
Version | 7 |
Platform(s) | Ubuntu 8.10 |
Product(s) | ruby1.9 |

Definition Id: oval:org.mitre.oval:def:17538

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:17538 |
Title | USN-651-1 -- ruby1.8 vulnerabilities |
Description | Akira Tagoh discovered a vulnerability in Ruby which led to an integer overflow. |
Family | unix |
Class | patch |
Reference(s) | USN-651-1, CVE-2008-2376, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-1447, CVE-2008-3905 |
Version | 7 |
Platform(s) | Ubuntu 6.06, Ubuntu 7.04, Ubuntu 7.10, Ubuntu 8.04 |
Product(s) | ruby1.8 |

Definition Id: oval:org.mitre.oval:def:18456

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:18456 |
Title | DSA-1652-1 ruby1.9 - several vulnerabilities |
Description | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. |
Family | unix |
Class | patch |
Reference(s) | DSA-1652-1, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905 |
Version | 7 |
Platform(s) | Debian GNU/Linux 4.0 |
Product(s) | ruby1.9 |

Definition Id: oval:org.mitre.oval:def:20309

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:20309 |
Title | DSA-1651-1 ruby1.8 - several vulnerabilities |
Description | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. |
Family | unix |
Class | patch |
Reference(s) | DSA-1651-1, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905 |
Version | 5 |
Platform(s) | Debian GNU/Linux 4.0 |
Product(s) | ruby1.8 |

Definition Id: oval:org.mitre.oval:def:21785

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:21785 |
Title | ELSA-2008:0897: ruby security update (Moderate) |
Description | resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 before 1.8.7-p72, and 1.9 r18423 and earlier uses sequential transaction IDs and constant source ports for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. |
Family | unix |
Class | patch |
Reference(s) | ELSA-2008:0897-01, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905, CVE-2008-1145 |
Version | 33 |
Platform(s) | Oracle Linux 5 |
Product(s) | ruby |

Definition Id: oval:org.mitre.oval:def:28242

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:28242 |
Title | RHSA-2008:0897 -- ruby security update (Moderate) |
Description | Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) |
Family | unix |
Class | patch |
Reference(s) | RHSA-2008:0897, CESA-2008:0897-CentOS 5, CVE-2008-1145, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905 |
Version | 3 |
Platform(s) | Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5 |
Product(s) | ruby |

Definition Id: oval:org.mitre.oval:def:7935

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:7935 |
Title | DSA-1651 ruby1.8 -- several vulnerabilities |
Description | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks. |
Family | unix |
Class | patch |
Reference(s) | DSA-1651, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905 |
Version | 3 |
Platform(s) | Debian GNU/Linux 4.0 |
Product(s) | ruby1.8 |

Definition Id: oval:org.mitre.oval:def:8055

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:8055 |
Title | DSA-1652 ruby1.9 -- several vulnerabilities |
Description | Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: Keita Yamaguchi discovered that several safe level restrictions are insufficiently enforced. Christian Neukirchen discovered that the WebRick module uses inefficient algorithms for HTTP header splitting, resulting in denial of service through resource exhaustion. It was discovered that the dl module doesn't perform taintness checks. Luka Treiber and Mitja Kolsek discovered that recursively nested XML entities can lead to denial of service through resource exhaustion in rexml. Tanaka Akira discovered that the resolv module uses sequential transaction IDs and a fixed source port for DNS queries, which makes it more vulnerable to DNS spoofing attacks. |
Family | unix |
Class | patch |
Reference(s) | DSA-1652, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905 |
Version | 3 |
Platform(s) | Debian GNU/Linux 4.0 |
Product(s) | ruby1.9 |

Definition Id: oval:org.mitre.oval:def:9570

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:9570 |
Title | The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. |
Description | The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3443 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:9682

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:9682 |
Title | Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. |
Description | Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3656 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

Definition Id: oval:org.mitre.oval:def:9793

Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:9793 |
Title | The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. |
Description | The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen. |
Family | unix |
Class | vulnerability |
Reference(s) | CVE-2008-3657 |
Version | 5 |
Platform(s) | Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 |
Product(s) | |

CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Name | File |
---|---|---|
2010-05-12 | Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004 | nvt/macosx_upd_10_5_4_secupd_2008-004.nasl |
2010-05-12 | Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 | nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2009-12-14 | Fedora Core 10 FEDORA-2009-13066 (ruby) | nvt/fcore_2009_13066.nasl |
2009-11-17 | Mac OS X Version | nvt/macosx_version.nasl |
2009-10-11 | SLES11: Security update for ruby | nvt/sles11_ruby.nasl |
2009-10-10 | SLES9: Security update for ruby | nvt/sles9p5053737.nasl |
2009-10-10 | SLES9: Security update for Ruby | nvt/sles9p5033480.nasl |
2009-07-29 | SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client) | nvt/suse_sa_2009_037.nasl |
2009-06-05 | Ubuntu USN-698-3 (nagios2) | nvt/ubuntu_698_3.nasl |
2009-04-09 | Mandriva Update for ruby MDVSA-2008:141 (ruby) | nvt/gb_mandriva_MDVSA_2008_141.nasl |
2009-04-09 | Mandriva Update for ruby MDVSA-2008:226 (ruby) | nvt/gb_mandriva_MDVSA_2008_226.nasl |
2009-03-23 | Ubuntu Update for ruby1.9 vulnerability USN-691-1 | nvt/gb_ubuntu_USN_691_1.nasl |
2009-03-23 | Ubuntu Update for ruby1.8 vulnerabilities USN-651-1 | nvt/gb_ubuntu_USN_651_1.nasl |
2009-03-06 | RedHat Update for ruby RHSA-2008:0895-02 | nvt/gb_RHSA-2008_0895-02_ruby.nasl |
2009-03-06 | RedHat Update for ruby RHSA-2008:0896-01 | nvt/gb_RHSA-2008_0896-01_ruby.nasl |
2009-03-06 | RedHat Update for ruby RHSA-2008:0897-01 | nvt/gb_RHSA-2008_0897-01_ruby.nasl |
2009-03-06 | RedHat Update for ruby RHSA-2008:0981-02 | nvt/gb_RHSA-2008_0981-02_ruby.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0897 centos4 x86_64 | nvt/gb_CESA-2008_0897_irb_centos4_x86_64.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0981 centos4 i386 | nvt/gb_CESA-2008_0981_irb_centos4_i386.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0981 centos4 x86_64 | nvt/gb_CESA-2008_0981_irb_centos4_x86_64.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0896 centos3 x86_64 | nvt/gb_CESA-2008_0896_irb_centos3_x86_64.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0896 centos3 i386 | nvt/gb_CESA-2008_0896_irb_centos3_i386.nasl |
2009-02-27 | CentOS Update for irb CESA-2008:0897 centos4 i386 | nvt/gb_CESA-2008_0897_irb_centos4_i386.nasl |
2009-02-27 | CentOS Update for ruby CESA-2008:0895-02 centos2 i386 | nvt/gb_CESA-2008_0895-02_ruby_centos2_i386.nasl |
2009-02-17 | Fedora Update for ruby FEDORA-2008-5649 | nvt/gb_fedora_2008_5649_ruby_fc8.nasl |
2009-02-17 | Fedora Update for ruby FEDORA-2008-8738 | nvt/gb_fedora_2008_8738_ruby_fc9.nasl |
2009-02-17 | Fedora Update for ruby FEDORA-2008-8736 | nvt/gb_fedora_2008_8736_ruby_fc8.nasl |
2009-02-17 | Fedora Update for ruby FEDORA-2008-6094 | nvt/gb_fedora_2008_6094_ruby_fc8.nasl |
2009-02-16 | Fedora Update for ruby FEDORA-2008-2458 | nvt/gb_fedora_2008_2458_ruby_fc7.nasl |
2009-02-16 | Fedora Update for ruby FEDORA-2008-2443 | nvt/gb_fedora_2008_2443_ruby_fc8.nasl |
2009-01-07 | Debian Security Advisory DSA 1695-1 (ruby1.8, ruby1.9) | nvt/deb_1695_1.nasl |
2008-12-23 | Gentoo Security Advisory GLSA 200812-17 (ruby) | nvt/glsa_200812_17.nasl |
2008-11-01 | Debian Security Advisory DSA 1651-1 (ruby1.8) | nvt/deb_1651_1.nasl |
2008-11-01 | Debian Security Advisory DSA 1652-1 (ruby1.9) | nvt/deb_1652_1.nasl |
2008-09-04 | FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma | nvt/freebsd_ruby8.nasl |
2008-09-04 | FreeBSD Ports: ruby, ruby+pthreads, ruby+pthreads+oniguruma, ruby+oniguruma | nvt/freebsd_ruby7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47800 | Ruby Regexp Engine (regex.c) Crafted Socket Request DoS |
47753 | Ruby REXML Library Crafted XML Document Handling DoS |
47472 | Ruby dl Module DL.dlopen Arbitrary Library Access |
47471 | WEBrick in Ruby WEBrick::HTTP::DefaultFileHandler Crafted HTTP Request DoS. Ruby contains a flaw that may allow a remote denial of service. The issue is triggered when WEBrick receives a specially crafted HTTP request with malformed regular expressions, and will result in loss of availability for the platform. |
47470 | Ruby Safe Level Multiple Function Restriction Bypass |
47469 | Ruby resolv.rb DNS Query ID Field Prediction Cache Poisoning |
42616 | Ruby WEBrick WEBrick::HTTPServ* :NondisclosureName Option Mixed Case Arbitrar... |
42615 | Ruby WEBrick WEBrick::HTTPServ* Encoded Traversal Arbitrary File Access |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2008-0896.nasl | ACT_GATHER_INFO |
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2008-0981.nasl | ACT_GATHER_INFO |
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2008-0897.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20081204_ruby_on_SL4_x.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20081021_ruby_on_SL3_x.nasl | ACT_GATHER_INFO |
2011-01-27 | The remote SuSE 10 host is missing a security-related patch. | suse_ruby-6338.nasl | ACT_GATHER_INFO |
2009-10-06 | The remote openSUSE host is missing a security update. | suse_ruby-6339.nasl | ACT_GATHER_INFO |
2009-09-24 | The remote SuSE 11 host is missing one or more security updates. | suse_11_ruby-090703.nasl | ACT_GATHER_INFO |
2009-09-24 | The remote SuSE 9 host is missing a security-related patch. | suse9_12452.nasl | ACT_GATHER_INFO |
2009-09-24 | The remote SuSE 9 host is missing a security-related patch. | suse9_12214.nasl | ACT_GATHER_INFO |
2009-07-21 | The remote openSUSE host is missing a security update. | suse_11_1_ruby-090703.nasl | ACT_GATHER_INFO |
2009-07-21 | The remote openSUSE host is missing a security update. | suse_11_0_ruby-090703.nasl | ACT_GATHER_INFO |
2009-07-21 | The remote openSUSE host is missing a security update. | suse_11_0_ruby-080729.nasl | ACT_GATHER_INFO |
2009-05-13 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_SecUpd2009-002.nasl | ACT_GATHER_INFO |
2009-05-13 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_10_5_7.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-651-1.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2008-141.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Ubuntu host is missing one or more security-related patches. | ubuntu_USN-691-1.nasl | ACT_GATHER_INFO |
2009-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2008-226.nasl | ACT_GATHER_INFO |
2009-01-06 | The remote Debian host is missing a security-related update. | debian_DSA-1695.nasl | ACT_GATHER_INFO |
2008-12-26 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2008-0981.nasl | ACT_GATHER_INFO |
2008-12-17 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-200812-17.nasl | ACT_GATHER_INFO |
2008-12-05 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0981.nasl | ACT_GATHER_INFO |
2008-12-01 | The remote Slackware host is missing a security update. | Slackware_SSA_2008-334-01.nasl | ACT_GATHER_INFO |
2008-10-28 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2008-0897.nasl | ACT_GATHER_INFO |
2008-10-22 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2008-0896.nasl | ACT_GATHER_INFO |
2008-10-22 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0897.nasl | ACT_GATHER_INFO |
2008-10-22 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0896.nasl | ACT_GATHER_INFO |
2008-10-22 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2008-0895.nasl | ACT_GATHER_INFO |
2008-10-13 | The remote Debian host is missing a security-related update. | debian_DSA-1651.nasl | ACT_GATHER_INFO |
2008-10-13 | The remote Debian host is missing a security-related update. | debian_DSA-1652.nasl | ACT_GATHER_INFO |
2008-10-10 | The remote Fedora host is missing a security update. | fedora_2008-8738.nasl | ACT_GATHER_INFO |
2008-10-10 | The remote Fedora host is missing a security update. | fedora_2008-8736.nasl | ACT_GATHER_INFO |
2008-08-22 | The remote openSUSE host is missing a security update. | suse_ruby-5483.nasl | ACT_GATHER_INFO |
2008-08-21 | The remote SuSE 10 host is missing a security-related patch. | suse_ruby-5484.nasl | ACT_GATHER_INFO |
2008-08-17 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_c329712a6b5b11dd9d79001fc61c2a55.nasl | ACT_GATHER_INFO |
2008-08-17 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_f7ba20aa6b5a11dd9d79001fc61c2a55.nasl | ACT_GATHER_INFO |
2008-07-08 | The remote Fedora host is missing a security update. | fedora_2008-6094.nasl | ACT_GATHER_INFO |
2008-07-01 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_SecUpd2008-004.nasl | ACT_GATHER_INFO |
2008-07-01 | The remote host is missing a Mac OS X update that fixes various security issues. | macosx_10_5_4.nasl | ACT_GATHER_INFO |
2008-06-26 | The remote Fedora host is missing a security update. | fedora_2008-5649.nasl | ACT_GATHER_INFO |
2008-03-13 | The remote Fedora host is missing a security update. | fedora_2008-2443.nasl | ACT_GATHER_INFO |
2008-03-13 | The remote Fedora host is missing a security update. | fedora_2008-2458.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:51:59 | |