Executive Summary

Summary | |
---|---|
Title | Ruby vulnerabilities |

Information | | | |
---|---|---|---|
Name | USN-1614-1 | First vendor publication | 2012-10-23 |
Vendor | Ubuntu | Last vendor modification | 2012-10-23 |
Severity (vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3

CVSS vector: N/A | | | |
---|---|---|---|
Overall CVSS Score | N/A | | |
Base Score | N/A | Environmental Score | N/A |
Impact Sub Score | N/A | Temporal Score | N/A |
Exploitability Sub Score | N/A | | |
Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) | | | |
---|---|---|---|
CVSS Base Score | 5 | Attack Range | Network |
CVSS Impact Score | 2.9 | Attack Complexity | Low |
CVSS Exploit Score | 10 | Authentication | None Required |
Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary: Several security issues were fixed in Ruby.

Software Description:

- ruby1.9.1: Interpreter of object-oriented scripting language Ruby

Details:

Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. USN-1602-1 fixed these vulnerabilities in other Ubuntu releases. This update provides the corresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)

Peter Bex discovered that Ruby incorrectly handled file path strings when opening files. An attacker could use this flaw to open or create unexpected files. (CVE-2012-4522)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.10:
Ubuntu 12.04 LTS:

In general, a standard system update will make all the necessary changes.

References:

Package Information:
Original Source

URL: http://www.ubuntu.com/usn/USN-1614-1
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17422 | |
---|---|
Oval ID | oval:org.mitre.oval:def:17422 |
Title | USN-1602-1 -- ruby1.9.1 vulnerabilities |
Description | Ruby could allow excessive access in untrusted programs. |
Family | unix |
Class | patch |
Reference(s) | USN-1602-1, CVE-2012-4464, CVE-2012-4466 |
Version | 7 |
Platform(s) | Ubuntu 12.04 |
Product(s) | ruby1.9.1 |
Definition Synopsis | |

Definition Id: oval:org.mitre.oval:def:18024 | |
---|---|
Oval ID | oval:org.mitre.oval:def:18024 |
Title | USN-1614-1 -- ruby1.9.1 vulnerabilities |
Description | Several security issues were fixed in Ruby. |
Family | unix |
Class | patch |
Reference(s) | USN-1614-1, CVE-2012-4464, CVE-2012-4466, CVE-2012-4522 |
Version | 7 |
Platform(s) | Ubuntu 12.10, Ubuntu 12.04 |
Product(s) | ruby1.9.1 |
Definition Synopsis | |

Definition Id: oval:org.mitre.oval:def:20949 | |
---|---|
Oval ID | oval:org.mitre.oval:def:20949 |
Title | RHSA-2013:0129: ruby security and bug fix update (Moderate) |
Description | The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. |
Family | unix |
Class | patch |
Reference(s) | RHSA-2013:0129-00, CESA-2013:0129, CVE-2012-4481, CVE-2012-4522 |
Version | 31 |
Platform(s) | Red Hat Enterprise Linux 5, CentOS Linux 5 |
Product(s) | ruby |
Definition Synopsis | |

Definition Id: oval:org.mitre.oval:def:23147 | |
---|---|
Oval ID | oval:org.mitre.oval:def:23147 |
Title | ELSA-2013:0129: ruby security and bug fix update (Moderate) |
Description | The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. |
Family | unix |
Class | patch |
Reference(s) | ELSA-2013:0129-00, CVE-2012-4481, CVE-2012-4522 |
Version | 13 |
Platform(s) | Oracle Linux 5 |
Product(s) | ruby |
Definition Synopsis | |

Definition Id: oval:org.mitre.oval:def:27340 | |
---|---|
Oval ID | oval:org.mitre.oval:def:27340 |
Title | DEPRECATED: ELSA-2013-0129 -- ruby security and bug fix update (moderate) |
Description | [1.8.5-27] - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-pipe_open-command-name-should-not-contain-null-.patch - Related: rhbz#867750; [1.8.5-26] - escaping vulnerability about Exception#to_s / NameError#to_s * ruby-1.8.7-p371-CVE-2012-4481.patch - Resolves: rhbz#867750 - unintentional file creation caused by inserting an illegal NUL character * ruby-1.8.6-CVE-2012-4522-io.c-rb_open_file-should-check-NUL-in-path.patch - Resolves: rhbz#867750; [1.8.5-25] - Resolve buffer overflow causing gem installation issues. * ruby-1.8.7-syck-avoid-buffer-overflow.patch - Resolves: rhbz#834381 |
Family | unix |
Class | patch |
Reference(s) | ELSA-2013-0129, CVE-2012-4481, CVE-2012-4522 |
Version | 4 |
Platform(s) | Oracle Linux 5 |
Product(s) | ruby |
Definition Synopsis | |
CPE: Common Platform Enumeration

OpenVAS Exploits

Date | Name | File |
---|---|---|
2012-11-26 | FreeBSD Ports: ruby | nvt/freebsd_ruby14.nasl |
2012-11-26 | FreeBSD Ports: ruby | nvt/freebsd_ruby15.nasl |
2012-11-19 | Fedora Update for ruby FEDORA-2012-18017 | nvt/gb_fedora_2012_18017_ruby_fc17.nasl |
2012-10-31 | Ubuntu Update for ruby1.8 USN-1603-2 | nvt/gb_ubuntu_USN_1603_2.nasl |
2012-10-23 | Fedora Update for ruby FEDORA-2012-16086 | nvt/gb_fedora_2012_16086_ruby_fc17.nasl |
2012-10-23 | Ubuntu Update for ruby1.9.1 USN-1614-1 | nvt/gb_ubuntu_USN_1614_1.nasl |
2012-10-16 | Fedora Update for ruby FEDORA-2012-15395 | nvt/gb_fedora_2012_15395_ruby_fc17.nasl |
2012-10-16 | Fedora Update for ruby FEDORA-2012-15507 | nvt/gb_fedora_2012_15507_ruby_fc16.nasl |
2012-10-11 | Ubuntu Update for ruby1.9.1 USN-1602-1 | nvt/gb_ubuntu_USN_1602_1.nasl |
2012-10-11 | Ubuntu Update for ruby1.8 USN-1603-1 | nvt/gb_ubuntu_USN_1603_1.nasl |
Nessus® Vulnerability Scanner

Date | Name | File | Type |
---|---|---|---|
2015-06-01 | The remote Debian host is missing a security update. | debian_DLA-235.nasl | ACT_GATHER_INFO |
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2013-167.nasl | ACT_GATHER_INFO |
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2012-763.nasl | ACT_GATHER_INFO |
2013-09-04 | The remote Amazon Linux AMI host is missing a security update. | ala_ALAS-2012-139.nasl | ACT_GATHER_INFO |
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2013-0129.nasl | ACT_GATHER_INFO |
2013-04-20 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2013-124.nasl | ACT_GATHER_INFO |
2013-04-04 | The remote SuSE 10 host is missing a security-related patch. | suse_ruby-8524.nasl | ACT_GATHER_INFO |
2013-03-13 | The remote SuSE 11 host is missing one or more security updates. | suse_11_ruby-130221.nasl | ACT_GATHER_INFO |
2013-01-17 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2013-0129.nasl | ACT_GATHER_INFO |
2013-01-17 | The remote Scientific Linux host is missing one or more security updates. | sl_20130108_ruby_on_SL5_x.nasl | ACT_GATHER_INFO |
2013-01-08 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2013-0129.nasl | ACT_GATHER_INFO |
2012-11-02 | The remote FreeBSD host is missing a security-related update. | freebsd_pkg_3decc87d249811e2b0c7000d601460a4.nasl | ACT_GATHER_INFO |
2012-11-02 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_2a093853249511e2b0c7000d601460a4.nasl | ACT_GATHER_INFO |
2012-10-23 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1603-2.nasl | ACT_GATHER_INFO |
2012-10-23 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1614-1.nasl | ACT_GATHER_INFO |
2012-10-22 | The remote Fedora host is missing a security update. | fedora_2012-16086.nasl | ACT_GATHER_INFO |
2012-10-18 | The remote Fedora host is missing a security update. | fedora_2012-16071.nasl | ACT_GATHER_INFO |
2012-10-15 | The remote Fedora host is missing a security update. | fedora_2012-15507.nasl | ACT_GATHER_INFO |
2012-10-15 | The remote Fedora host is missing a security update. | fedora_2012-15395.nasl | ACT_GATHER_INFO |
2012-10-11 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1602-1.nasl | ACT_GATHER_INFO |
2012-10-11 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1603-1.nasl | ACT_GATHER_INFO |
2012-10-09 | The remote Fedora host is missing a security update. | fedora_2012-15376.nasl | ACT_GATHER_INFO |
Alert History

Date | Information |
---|---|
2014-02-17 12:00:58 | |
2013-04-26 21:21:03 | |
2013-04-26 17:20:09 | |
2013-04-26 13:20:20 | |
2012-11-27 00:22:10 | |
2012-11-25 00:21:35 | |