**Issue Overview:**
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats. (CVE-2018-16396)
The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. (CVE-2020-10663)
**Affected Packages:**
ruby20
**Issue Correction:**
Run _yum update ruby20_ to update your system.
**New Packages:**
i686:
ruby20-libs-2.0.0.648-1.33.amzn1.i686
ruby20-debuginfo-2.0.0.648-1.33.amzn1.i686
rubygem20-psych-2.0.0-1.33.amzn1.i686
ruby20-2.0.0.648-1.33.amzn1.i686
rubygem20-io-console-0.4.2-1.33.amzn1.i686
ruby20-devel-2.0.0.648-1.33.amzn1.i686
rubygem20-bigdecimal-1.2.0-1.33.amzn1.i686
noarch:
rubygems20-2.0.14.1-1.33.amzn1.noarch
rubygems20-devel-2.0.14.1-1.33.amzn1.noarch
ruby20-doc-2.0.0.648-1.33.amzn1.noarch
ruby20-irb-2.0.0.648-1.33.amzn1.noarch
src:
ruby20-2.0.0.648-1.33.amzn1.src
x86_64:
ruby20-libs-2.0.0.648-1.33.amzn1.x86_64
rubygem20-io-console-0.4.2-1.33.amzn1.x86_64
rubygem20-psych-2.0.0-1.33.amzn1.x86_64
ruby20-devel-2.0.0.648-1.33.amzn1.x86_64
ruby20-debuginfo-2.0.0.648-1.33.amzn1.x86_64
ruby20-2.0.0.648-1.33.amzn1.x86_64
rubygem20-bigdecimal-1.2.0-1.33.amzn1.x86_64
### Additional References
Red Hat: [CVE-2018-16396](<https://access.redhat.com/security/cve/CVE-2018-16396>), [CVE-2020-10663](<https://access.redhat.com/security/cve/CVE-2020-10663>)
Mitre: [CVE-2018-16396](<https://vulners.com/cve/CVE-2018-16396>), [CVE-2020-10663](<https://vulners.com/cve/CVE-2020-10663>)
{"nessus": [{"lastseen": "2023-01-11T15:18:54", "description": "An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n(CVE-2018-16396)\n\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269 , but does not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent. (CVE-2020-10663)", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-13T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby20 (ALAS-2020-1416)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2018-16396", "CVE-2020-10663"], "modified": "2022-01-26T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby20", "p-cpe:/a:amazon:linux:ruby20-debuginfo", "p-cpe:/a:amazon:linux:ruby20-devel", "p-cpe:/a:amazon:linux:ruby20-doc", "p-cpe:/a:amazon:linux:ruby20-irb", "p-cpe:/a:amazon:linux:ruby20-libs", "p-cpe:/a:amazon:linux:rubygem20-bigdecimal", "p-cpe:/a:amazon:linux:rubygem20-io-console", "p-cpe:/a:amazon:linux:rubygem20-psych", "p-cpe:/a:amazon:linux:rubygems20", "p-cpe:/a:amazon:linux:rubygems20-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1416.NASL", "href": "https://www.tenable.com/plugins/nessus/139550", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1416.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139550);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\"CVE-2018-16396\", \"CVE-2020-10663\");\n script_xref(name:\"ALAS\", value:\"2020-1416\");\n\n script_name(english:\"Amazon Linux AMI : ruby20 (ALAS-2020-1416)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5,\n2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint\nstrings that result from unpacking tainted strings with some formats.\n(CVE-2018-16396)\n\nThe JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through\n2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object\nCreation Vulnerability. This is quite similar to CVE-2013-0269 , but\ndoes not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a\nmalicious object within the interpreter, with adverse effects that are\napplication-dependent. (CVE-2020-10663)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1416.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ruby20' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16396\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-debuginfo-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-devel-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-doc-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-irb-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-libs-2.0.0.648-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-bigdecimal-1.2.0-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-io-console-0.4.2-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-psych-2.0.0-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-2.0.14.1-1.33.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-devel-2.0.14.1-1.33.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby20 / ruby20-debuginfo / ruby20-devel / ruby20-doc / ruby20-irb / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:18:17", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1426 advisory.\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation Vulnerability. (CVE-2013-0269)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby19 (ALAS-2020-1426)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby19", "p-cpe:/a:amazon:linux:ruby19-debuginfo", "p-cpe:/a:amazon:linux:ruby19-devel", "p-cpe:/a:amazon:linux:ruby19-doc", "p-cpe:/a:amazon:linux:ruby19-irb", "p-cpe:/a:amazon:linux:ruby19-libs", "p-cpe:/a:amazon:linux:ruby21", "p-cpe:/a:amazon:linux:ruby21-debuginfo", "p-cpe:/a:amazon:linux:ruby21-devel", "p-cpe:/a:amazon:linux:ruby21-doc", "p-cpe:/a:amazon:linux:ruby21-irb", "p-cpe:/a:amazon:linux:ruby21-libs", "p-cpe:/a:amazon:linux:rubygem19-bigdecimal", "p-cpe:/a:amazon:linux:rubygem19-io-console", "p-cpe:/a:amazon:linux:rubygem19-json", "p-cpe:/a:amazon:linux:rubygem19-minitest", "p-cpe:/a:amazon:linux:rubygem19-rake", "p-cpe:/a:amazon:linux:rubygem19-rdoc", "p-cpe:/a:amazon:linux:rubygem21-bigdecimal", "p-cpe:/a:amazon:linux:rubygem21-io-console", "p-cpe:/a:amazon:linux:rubygem21-psych", "p-cpe:/a:amazon:linux:rubygems19", "p-cpe:/a:amazon:linux:rubygems19-devel", "p-cpe:/a:amazon:linux:rubygems21", "p-cpe:/a:amazon:linux:rubygems21-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1426.NASL", "href": "https://www.tenable.com/plugins/nessus/140094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1426.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140094);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2013-0269\", \"CVE-2020-10663\");\n script_bugtraq_id(57899);\n script_xref(name:\"ALAS\", value:\"2020-1426\");\n\n script_name(english:\"Amazon Linux AMI : ruby19 (ALAS-2020-1426)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1426 advisory.\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to\n cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a\n crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as\n demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation\n Vulnerability. (CVE-2013-0269)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1426.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ruby19' to update your system.\n Run 'yum update ruby21' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0269\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems21-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ruby19-1.9.3.551-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby19-1.9.3.551-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby19-debuginfo-1.9.3.551-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby19-debuginfo-1.9.3.551-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby19-devel-1.9.3.551-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby19-devel-1.9.3.551-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby19-doc-1.9.3.551-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby19-doc-1.9.3.551-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby19-irb-1.9.3.551-33.71.amzn1', 'release':'ALA'},\n {'reference':'ruby19-libs-1.9.3.551-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby19-libs-1.9.3.551-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby21-2.1.9-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby21-2.1.9-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby21-debuginfo-2.1.9-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby21-debuginfo-2.1.9-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby21-devel-2.1.9-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby21-devel-2.1.9-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby21-doc-2.1.9-1.23.amzn1', 'release':'ALA'},\n {'reference':'ruby21-irb-2.1.9-1.23.amzn1', 'release':'ALA'},\n {'reference':'ruby21-libs-2.1.9-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby21-libs-2.1.9-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem19-bigdecimal-1.1.0-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem19-bigdecimal-1.1.0-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem19-io-console-0.3-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem19-io-console-0.3-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem19-json-1.5.5-33.71.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem19-json-1.5.5-33.71.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem19-minitest-2.5.1-33.71.amzn1', 'release':'ALA'},\n {'reference':'rubygem19-rake-0.9.2.2-33.71.amzn1', 'release':'ALA'},\n {'reference':'rubygem19-rdoc-3.9.5-33.71.amzn1', 'release':'ALA'},\n {'reference':'rubygem21-bigdecimal-1.2.4-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem21-bigdecimal-1.2.4-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem21-io-console-0.4.3-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem21-io-console-0.4.3-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem21-psych-2.0.5-1.23.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem21-psych-2.0.5-1.23.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygems19-1.8.23.2-33.71.amzn1', 'release':'ALA'},\n {'reference':'rubygems19-devel-1.8.23.2-33.71.amzn1', 'release':'ALA'},\n {'reference':'rubygems21-2.2.5-1.23.amzn1', 'release':'ALA'},\n {'reference':'rubygems21-devel-2.2.5-1.23.amzn1', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby19 / ruby19-debuginfo / ruby19-devel / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:18:37", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1423 advisory.\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation Vulnerability. (CVE-2013-0269)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : rubygem-json-debuginfo (ALAS-2020-1423)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rubygem-json-debuginfo", "p-cpe:/a:amazon:linux:rubygem18-json", "p-cpe:/a:amazon:linux:rubygem18-json-doc", "p-cpe:/a:amazon:linux:rubygem20-json", "p-cpe:/a:amazon:linux:rubygem20-json-doc", "p-cpe:/a:amazon:linux:rubygem21-json", "p-cpe:/a:amazon:linux:rubygem21-json-doc", "p-cpe:/a:amazon:linux:rubygem22-json", "p-cpe:/a:amazon:linux:rubygem22-json-doc", "p-cpe:/a:amazon:linux:rubygem23-json", "p-cpe:/a:amazon:linux:rubygem23-json-doc", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1423.NASL", "href": "https://www.tenable.com/plugins/nessus/140093", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1423.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140093);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2013-0269\", \"CVE-2020-10663\");\n script_bugtraq_id(57899);\n script_xref(name:\"ALAS\", value:\"2020-1423\");\n\n script_name(english:\"Amazon Linux AMI : rubygem-json-debuginfo (ALAS-2020-1423)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1423 advisory.\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to\n cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a\n crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as\n demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation\n Vulnerability. (CVE-2013-0269)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1423.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update rubygem-json' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0269\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem18-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem18-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'rubygem-json-debuginfo-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem-json-debuginfo-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem18-json-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem18-json-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem18-json-doc-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem18-json-doc-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem20-json-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem20-json-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem20-json-doc-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem20-json-doc-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem21-json-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem21-json-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem21-json-doc-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem21-json-doc-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem22-json-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem22-json-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem22-json-doc-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem22-json-doc-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem23-json-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem23-json-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem23-json-doc-1.8.3-1.53.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem23-json-doc-1.8.3-1.53.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-json-debuginfo / rubygem18-json / rubygem18-json-doc / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:35:04", "description": "According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2020-1686)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1686.NASL", "href": "https://www.tenable.com/plugins/nessus/137528", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137528);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-10663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2020-1686)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1686\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48c54776\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h17\",\n \"ruby-irb-2.0.0.648-33.h17\",\n \"ruby-libs-2.0.0.648-33.h17\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:30:35", "description": "When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.\n\nThis is the same issue as CVE-2013-0269. The previous fix was incomplete, which addressed JSON.parse(user_input), but didn't address some other styles of JSON parsing including JSON(user_input) and JSON.parse(user_input, nil).\n\nSee CVE-2013-0269 in detail. Note that the issue was exploitable to cause a Denial of Service by creating many garbage-uncollectable Symbol objects, but this kind of attack is no longer valid because Symbol objects are now garbage-collectable. However, creating arbitrary bjects may cause severe security consequences depending upon the application code.\n\nPlease update the json gem to version 2.3.0 or later. You can use gem update json to update it. If you are using bundler, please add gem 'json', '>= 2.3.0' to your Gemfile.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-26T00:00:00", "type": "nessus", "title": "FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-json", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_40194E1C6D8911EA808280EE73419AF3.NASL", "href": "https://www.tenable.com/plugins/nessus/134921", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134921);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-10663\");\n\n script_name(english:\"FreeBSD : rubygem-json -- Unsafe Objection Creation Vulnerability in JSON (Additional fix) (40194e1c-6d89-11ea-8082-80ee73419af3)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"When parsing certain JSON documents, the json gem (including the one\nbundled with Ruby) can be coerced into creating arbitrary objects in\nthe target system.\n\nThis is the same issue as CVE-2013-0269. The previous fix was\nincomplete, which addressed JSON.parse(user_input), but didn't\naddress some other styles of JSON parsing including JSON(user_input)\nand JSON.parse(user_input, nil).\n\nSee CVE-2013-0269 in detail. Note that the issue was exploitable to\ncause a Denial of Service by creating many garbage-uncollectable\nSymbol objects, but this kind of attack is no longer valid because\nSymbol objects are now garbage-collectable. However, creating\narbitrary bjects may cause severe security consequences depending upon\nthe application code.\n\nPlease update the json gem to version 2.3.0 or later. You can use gem\nupdate json to update it. If you are using bundler, please add gem\n'json', '>= 2.3.0' to your Gemfile.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/\"\n );\n # https://vuxml.freebsd.org/freebsd/40194e1c-6d89-11ea-8082-80ee73419af3.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5e54143b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-json<2.3.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:31:52", "description": "The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe object creation vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 2.1.5-2+deb8u10.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-01T00:00:00", "type": "nessus", "title": "Debian DLA-2192-1 : ruby2.1 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1-dev", "p-cpe:/a:debian:debian_linux:ruby2.1-doc", "p-cpe:/a:debian:debian_linux:ruby2.1-tcltk", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2192.NASL", "href": "https://www.tenable.com/plugins/nessus/136202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2192-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136202);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-10663\");\n\n script_name(english:\"Debian DLA-2192-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.1 has an unsafe\nobject creation vulnerability. This is quite similar to CVE-2013-0269,\nbut does not rely on poor garbage-collection behavior within Ruby.\nSpecifically, use of JSON parsing methods can lead to creation of a\nmalicious object within the interpreter, with adverse effects that are\napplication-dependent.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n2.1.5-2+deb8u10.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00030.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T06:39:55", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2462 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : pcs (RLSA-2020:2462)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:pcs", "p-cpe:/a:rocky:linux:pcs-snmp", "p-cpe:/a:rocky:linux:rubygem-abrt", "p-cpe:/a:rocky:linux:rubygem-abrt-doc", "p-cpe:/a:rocky:linux:rubygem-bson", "p-cpe:/a:rocky:linux:rubygem-bson-debuginfo", "p-cpe:/a:rocky:linux:rubygem-bson-debugsource", "p-cpe:/a:rocky:linux:rubygem-bson-doc", "p-cpe:/a:rocky:linux:rubygem-bundler", "p-cpe:/a:rocky:linux:rubygem-bundler-doc", "p-cpe:/a:rocky:linux:rubygem-mongo", "p-cpe:/a:rocky:linux:rubygem-mongo-doc", "p-cpe:/a:rocky:linux:rubygem-mysql2", "p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo", "p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource", "p-cpe:/a:rocky:linux:rubygem-mysql2-doc", "p-cpe:/a:rocky:linux:rubygem-pg", "p-cpe:/a:rocky:linux:rubygem-pg-debuginfo", "p-cpe:/a:rocky:linux:rubygem-pg-debugsource", "p-cpe:/a:rocky:linux:rubygem-pg-doc", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2020-2462.NASL", "href": "https://www.tenable.com/plugins/nessus/157830", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2020:2462.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157830);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"RLSA\", value:\"2020:2462\");\n\n script_name(english:\"Rocky Linux 8 : pcs (RLSA-2020:2462)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2020:2462 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2020:2462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1827500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1832914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1838084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1840158\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.3'},\n {'reference':'rubygem-bson-doc-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.5'},\n {'reference':'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.5'},\n {'reference':'rubygem-mongo-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.8'},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.5'},\n {'reference':'rubygem-mongo-doc-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.8'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.4'},\n {'reference':'rubygem-mysql2-doc-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.5'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.0'},\n {'reference':'rubygem-pg-doc-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.1'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp / rubygem-abrt / rubygem-abrt-doc / rubygem-bson / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-11T15:19:32", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\n - There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.(CVE-2020-8130)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-09-08T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1955)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-8130"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1955.NASL", "href": "https://www.tenable.com/plugins/nessus/140325", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140325);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-8130\", \"CVE-2020-10663\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2020-1955)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\n - There is an OS command injection vulnerability in Ruby\n Rake < 12.3.3 in Rake::FileList when supplying a\n filename that begins with the pipe character\n `|`.(CVE-2020-8130)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1955\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40ed6847\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8130\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h26\",\n \"ruby-irb-2.0.0.648-33.h26\",\n \"ruby-libs-2.0.0.648-33.h26\",\n \"rubygem-bigdecimal-1.2.0-33.h26\",\n \"rubygem-io-console-0.4.2-33.h26\",\n \"rubygem-json-1.7.7-33.h26\",\n \"rubygem-psych-2.0.0-33.h26\",\n \"rubygem-rdoc-4.0.0-33.h26\",\n \"rubygems-2.0.14.1-33.h26\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:34:29", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the interpreter.(CVE-2020-10933)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1590.NASL", "href": "https://www.tenable.com/plugins/nessus/136868", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136868);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"EulerOS 2.0 SP8 : ruby (EulerOS-SA-2020-1590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7,\n 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer,\n exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the\n buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the\n interpreter.(CVE-2020-10933)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1590\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1126f8ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:36:09", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2019-16201", "CVE-2020-10663"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/137033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137033);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-16201\",\n \"CVE-2020-10663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : ruby (EulerOS-SA-2020-1615)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7,\n 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by\n looping/backtracking. A victim must expose a WEBrick\n server that uses DigestAuth to the Internet or a\n untrusted network.(CVE-2019-16201)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1615\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5b5b6975\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h25.eulerosv2r7\",\n \"ruby-irb-2.0.0.648-33.h25.eulerosv2r7\",\n \"ruby-libs-2.0.0.648-33.h25.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-25T14:35:20", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the interpreter.(CVE-2020-10933)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-25T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-openssl", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1691.NASL", "href": "https://www.tenable.com/plugins/nessus/137798", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137798);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : ruby (EulerOS-SA-2020-1691)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7,\n 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer,\n exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the\n buffer string provides the previous value of the heap.\n This may expose possibly sensitive data from the\n interpreter.(CVE-2020-10933)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1691\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e474eb4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-irb-2.5.1-98.h8.eulerosv2r8\",\n \"ruby-libs-2.5.1-98.h8.eulerosv2r8\",\n \"rubygem-bigdecimal-1.3.4-98.h8.eulerosv2r8\",\n \"rubygem-io-console-0.4.6-98.h8.eulerosv2r8\",\n \"rubygem-json-2.1.0-98.h8.eulerosv2r8\",\n \"rubygem-openssl-2.1.0-98.h8.eulerosv2r8\",\n \"rubygem-psych-3.0.2-98.h8.eulerosv2r8\",\n \"rubygem-rdoc-6.0.1-98.h8.eulerosv2r8\",\n \"rubygems-2.7.6-98.h8.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:37:23", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4882-1 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Ruby vulnerabilities (USN-4882-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:libruby2.3", "p-cpe:/a:canonical:ubuntu_linux:libruby2.5", "p-cpe:/a:canonical:ubuntu_linux:libruby2.7", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3-dev", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3-tcltk", "p-cpe:/a:canonical:ubuntu_linux:ruby2.5", "p-cpe:/a:canonical:ubuntu_linux:ruby2.5-dev", "p-cpe:/a:canonical:ubuntu_linux:ruby2.7", "p-cpe:/a:canonical:ubuntu_linux:ruby2.7-dev"], "id": "UBUNTU_USN-4882-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147970", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4882-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147970);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\", \"CVE-2020-25613\");\n script_xref(name:\"USN\", value:\"4882-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Ruby vulnerabilities (USN-4882-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4882-1 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4882-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25613\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.5-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.7-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'libruby2.3', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3-dev', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '16.04', 'pkgname': 'ruby2.3-tcltk', 'pkgver': '2.3.1-2~ubuntu16.04.15'},\n {'osver': '18.04', 'pkgname': 'libruby2.5', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '18.04', 'pkgname': 'ruby2.5', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '18.04', 'pkgname': 'ruby2.5-dev', 'pkgver': '2.5.1-1ubuntu1.8'},\n {'osver': '20.04', 'pkgname': 'libruby2.7', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'ruby2.7', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'ruby2.7-dev', 'pkgver': '2.7.0-5ubuntu1.3'},\n {'osver': '20.10', 'pkgname': 'libruby2.7', 'pkgver': '2.7.1-3ubuntu1.2'},\n {'osver': '20.10', 'pkgname': 'ruby2.7', 'pkgver': '2.7.1-3ubuntu1.2'},\n {'osver': '20.10', 'pkgname': 'ruby2.7-dev', 'pkgver': '2.7.1-3ubuntu1.2'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libruby2.3 / libruby2.5 / libruby2.7 / ruby2.3 / ruby2.3-dev / etc');\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-26T15:16:52", "description": "The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1641 advisory.\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. (CVE-2021-31799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-05-24T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ruby (ALAS-2021-1641)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2020-10663", "CVE-2020-25613", "CVE-2021-31799"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:amazon:linux:2:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-debuginfo:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-irb:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:ruby-tcltk:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-bigdecimal:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-io-console:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-json:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-minitest:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-psych:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-rake:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygem-rdoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygems:*:*:*:*:*:*:*", "p-cpe:2.3:a:amazon:linux:rubygems-devel:*:*:*:*:*:*:*"], "id": "AL2_ALAS-2021-1641.NASL", "href": "https://www.tenable.com/plugins/nessus/149871", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1641.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149871);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-25613\", \"CVE-2021-31799\");\n script_xref(name:\"ALAS\", value:\"2021-1641\");\n\n script_name(english:\"Amazon Linux 2 : ruby (ALAS-2021-1641)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1641 advisory.\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute\n arbitrary code via | and tags in a filename. (CVE-2021-31799)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1641.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/../../faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-10663.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25613.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-31799.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ruby' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25613\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'ruby-2.0.0.648-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.0.0.648-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.0.0.648-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-debuginfo-2.0.0.648-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-debuginfo-2.0.0.648-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-debuginfo-2.0.0.648-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.0.0.648-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.0.0.648-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-4.3.2-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-36.amzn2.0.2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-36.amzn2.0.2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-36.amzn2.0.2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-0.9.6-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-4.0.0-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.0.14.1-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.0.14.1-36.amzn2.0.2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / etc\");\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-24T14:25:57", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2839 advisory.\n\n - ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-07T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2020:2839)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16396"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:rubygem-psych", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:rubygems-devel"], "id": "REDHAT-RHSA-2020-2839.NASL", "href": "https://www.tenable.com/plugins/nessus/138161", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2839. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138161);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2018-16396\");\n script_bugtraq_id(105955);\n script_xref(name:\"RHSA\", value:\"2020:2839\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2020:2839)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2839 advisory.\n\n - ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives\n (CVE-2018-16396)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2839\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1643089\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16396\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/optional/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/debug',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/os',\n 'content/eus/rhel/system-z/7/7.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel/system-z/7/7.6/s390x/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ruby-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.0.0.648-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.0.0.648-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-4.3.2-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-38.el7_6', 'sp':'6', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-38.el7_6', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-0.9.6-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-4.0.0-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.0.14.1-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.0.14.1-38.el7_6', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:43:45", "description": "A security flaw was discovered on the previous json that there is a denial of service and unsafe object creation vulnerability. This vulnerability has been assigned the CVE identifier CVE-2013-0269.\n\nThis new rpm will fix this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-03-06T00:00:00", "type": "nessus", "title": "Fedora 17 : rubygem-json-1.6.8-1.fc17 (2013-3050)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-json", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2013-3050.NASL", "href": "https://www.tenable.com/plugins/nessus/65039", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3050.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65039);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0269\");\n script_bugtraq_id(57899);\n script_xref(name:\"FEDORA\", value:\"2013-3050\");\n\n script_name(english:\"Fedora 17 : rubygem-json-1.6.8-1.fc17 (2013-3050)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security flaw was discovered on the previous json that there is a\ndenial of service and unsafe object creation vulnerability. This\nvulnerability has been assigned the CVE identifier CVE-2013-0269.\n\nThis new rpm will fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=910313\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099698.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95fe7766\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-json package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"rubygem-json-1.6.8-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-json\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:54:00", "description": "The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka 'Unsafe Object Creation Vulnerability.'\n\nFor Debian 6 'Squeeze', this issue has been fixed in libjson-ruby version 1.1.9-1+deb6u1.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-05-01T00:00:00", "type": "nessus", "title": "Debian DLA-215-1 : libjson-ruby security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:edit-json", "p-cpe:/a:debian:debian_linux:libjson-ruby", "p-cpe:/a:debian:debian_linux:libjson-ruby-doc", "p-cpe:/a:debian:debian_linux:libjson-ruby1.8", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-215.NASL", "href": "https://www.tenable.com/plugins/nessus/83167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-215-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83167);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0269\");\n script_bugtraq_id(57899);\n\n script_name(english:\"Debian DLA-215-1 : libjson-ruby security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The JSON gem for Ruby allowed remote attackers to cause a denial of\nservice (resource consumption) or bypass the mass assignment\nprotection mechanism via a crafted JSON document that triggers the\ncreation of arbitrary Ruby symbols or certain internal objects, as\ndemonstrated by conducting a SQL injection attack against Ruby on\nRails, aka 'Unsafe Object Creation Vulnerability.'\n\nFor Debian 6 'Squeeze', this issue has been fixed in\nlibjson-ruby version 1.1.9-1+deb6u1.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/04/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/libjson-ruby\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:edit-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjson-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjson-ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libjson-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"edit-json\", reference:\"1.1.9-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libjson-ruby\", reference:\"1.1.9-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libjson-ruby-doc\", reference:\"1.1.9-1+deb6u1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libjson-ruby1.8\", reference:\"1.1.9-1+deb6u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:41:56", "description": "Aaron Patterson reports :\n\nWhen parsing certain JSON documents, the JSON gem can be coerced in to creating Ruby symbols in a target system. Since Ruby symbols are not garbage collected, this can result in a denial of service attack.\n\nThe same technique can be used to create objects in a target system that act like internal objects. These 'act alike' objects can be used to bypass certain security mechanisms and can be used as a spring board for SQL injection attacks in Ruby on Rails.", "cvss3": {}, "published": "2013-02-18T00:00:00", "type": "nessus", "title": "FreeBSD : Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON (c79eb109-a754-45d7-b552-a42099eb2265)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "p-cpe:/a:freebsd:freebsd:rubygem18-json", "p-cpe:/a:freebsd:freebsd:rubygem18-json_pure", "p-cpe:/a:freebsd:freebsd:rubygem19-json", "p-cpe:/a:freebsd:freebsd:rubygem19-json_pure", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C79EB109A75445D7B552A42099EB2265.NASL", "href": "https://www.tenable.com/plugins/nessus/64652", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(64652);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-0269\");\n\n script_name(english:\"FreeBSD : Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON (c79eb109-a754-45d7-b552-a42099eb2265)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Aaron Patterson reports :\n\nWhen parsing certain JSON documents, the JSON gem can be coerced in to\ncreating Ruby symbols in a target system. Since Ruby symbols are not\ngarbage collected, this can result in a denial of service attack.\n\nThe same technique can be used to create objects in a target system\nthat act like internal objects. These 'act alike' objects can be used\nto bypass certain security mechanisms and can be used as a spring\nboard for SQL injection attacks in Ruby on Rails.\"\n );\n # https://vuxml.freebsd.org/freebsd/c79eb109-a754-45d7-b552-a42099eb2265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ddb8e17\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem18-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem18-json_pure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem19-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem19-json_pure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=1.9,1<1.9.3.385,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem18-json<1.7.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem19-json<1.7.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem18-json_pure<1.7.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem19-json_pure<1.7.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:44:44", "description": "A security flaw was discovered on the previous json that there is a denial of service and unsafe object creation vulnerability. This vulnerability has been assigned the CVE identifier CVE-2013-0269.\n\nThis new rpm will fix this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-03-06T00:00:00", "type": "nessus", "title": "Fedora 18 : rubygem-json-1.6.8-1.fc18 (2013-3052)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-json", "cpe:/o:fedoraproject:fedora:18"], "id": "FEDORA_2013-3052.NASL", "href": "https://www.tenable.com/plugins/nessus/65040", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-3052.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65040);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-0269\");\n script_bugtraq_id(57899);\n script_xref(name:\"FEDORA\", value:\"2013-3052\");\n\n script_name(english:\"Fedora 18 : rubygem-json-1.6.8-1.fc18 (2013-3052)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security flaw was discovered on the previous json that there is a\ndenial of service and unsafe object creation vulnerability. This\nvulnerability has been assigned the CVE identifier CVE-2013-0269.\n\nThis new rpm will fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=910313\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099688.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abe1d1ea\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-json package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"rubygem-json-1.6.8-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-json\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-24T14:38:57", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:2462 advisory.\n\n - rubygem-json: Unsafe Object Creation Vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-01T00:00:00", "type": "nessus", "title": "CentOS 8 : pcs (CESA-2020:2462)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:pcs", "p-cpe:/a:centos:centos:pcs-snmp"], "id": "CENTOS8_RHSA-2020-2462.NASL", "href": "https://www.tenable.com/plugins/nessus/145846", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:2462. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145846);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"RHSA\", value:\"2020:2462\");\n\n script_name(english:\"CentOS 8 : pcs (CESA-2020:2462)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:2462 advisory.\n\n - rubygem-json: Unsafe Object Creation Vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2462\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcs and / or pcs-snmp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pcs-snmp\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'pcs-0.10.4-6.el8_2.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-0.10.4-6.el8_2.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:43", "description": "A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "Fedora 31 : rubygem-json (2020-26df92331a)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-json", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-26DF92331A.NASL", "href": "https://www.tenable.com/plugins/nessus/136294", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-26df92331a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136294);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"FEDORA\", value:\"2020-26df92331a\");\n\n script_name(english:\"Fedora 31 : rubygem-json (2020-26df92331a)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security flaw was found on rubygem-json prior to 2.3.0 which was now\nassigned as CVE-2020-10663. This new rpm contains backport fixes for\nthis issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-26df92331a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-json package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"rubygem-json-2.2.0-202.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-json\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:44", "description": "A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned as CVE-2020-10663. This new rpm contains backport fixes for this issue.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "Fedora 30 : rubygem-json (2020-d171bf636d)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2020-05-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-json", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-D171BF636D.NASL", "href": "https://www.tenable.com/plugins/nessus/136301", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-d171bf636d.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136301);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"FEDORA\", value:\"2020-d171bf636d\");\n\n script_name(english:\"Fedora 30 : rubygem-json (2020-d171bf636d)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A security flaw was found on rubygem-json prior to 2.3.0 which was now\nassigned as CVE-2020-10663. This new rpm contains backport fixes for\nthis issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-d171bf636d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-json package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"rubygem-json-2.2.0-202.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-json\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:35:05", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2462 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "RHEL 8 : pcs (RHSA-2020:2462)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.2", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:pcs", "p-cpe:/a:redhat:enterprise_linux:pcs-snmp"], "id": "REDHAT-RHSA-2020-2462.NASL", "href": "https://www.tenable.com/plugins/nessus/137310", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2462. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137310);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"RHSA\", value:\"2020:2462\");\n\n script_name(english:\"RHEL 8 : pcs (RHSA-2020:2462)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2462 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827500\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcs and / or pcs-snmp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-snmp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.4-6.el8_2.1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.4-6.el8_2.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.4-6.el8_2.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.4-6.el8_2.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.4-6.el8_2.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:35:26", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2473 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "RHEL 8 : pcs (RHSA-2020:2473)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.0", "p-cpe:/a:redhat:enterprise_linux:pcs", "p-cpe:/a:redhat:enterprise_linux:pcs-snmp"], "id": "REDHAT-RHSA-2020-2473.NASL", "href": "https://www.tenable.com/plugins/nessus/137314", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2473. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137314);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"RHSA\", value:\"2020:2473\");\n\n script_name(english:\"RHEL 8 : pcs (RHSA-2020:2473)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2473 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827500\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcs and / or pcs-snmp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-snmp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.0')) audit(AUDIT_OS_NOT, 'Red Hat 8.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.0/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.0/x86_64/appstream/os',\n 'content/e4s/rhel8/8.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.0/x86_64/baseos/os',\n 'content/e4s/rhel8/8.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.0/x86_64/sap/debug',\n 'content/e4s/rhel8/8.0/x86_64/sap/os',\n 'content/e4s/rhel8/8.0/x86_64/sap/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.1-4.el8_0.5', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.1-4.el8_0.5', 'sp':'0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:35:45", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2670 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-25T00:00:00", "type": "nessus", "title": "RHEL 8 : pcs (RHSA-2020:2670)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "cpe:/o:redhat:rhel_eus:8.1", "p-cpe:/a:redhat:enterprise_linux:pcs", "p-cpe:/a:redhat:enterprise_linux:pcs-snmp"], "id": "REDHAT-RHSA-2020-2670.NASL", "href": "https://www.tenable.com/plugins/nessus/137831", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2670. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137831);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2020-10663\");\n script_xref(name:\"RHSA\", value:\"2020:2670\");\n\n script_name(english:\"RHEL 8 : pcs (RHSA-2020:2670)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2670 advisory.\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1827500\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected pcs and / or pcs-snmp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 94);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pcs-snmp\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.1/ppc64le/sap/os',\n 'content/e4s/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/appstream/debug',\n 'content/eus/rhel8/8.1/aarch64/appstream/os',\n 'content/eus/rhel8/8.1/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/baseos/debug',\n 'content/eus/rhel8/8.1/aarch64/baseos/os',\n 'content/eus/rhel8/8.1/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.1/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.1/aarch64/highavailability/os',\n 'content/eus/rhel8/8.1/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.1/aarch64/supplementary/os',\n 'content/eus/rhel8/8.1/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.1/ppc64le/appstream/os',\n 'content/eus/rhel8/8.1/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.1/ppc64le/baseos/os',\n 'content/eus/rhel8/8.1/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.1/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.1/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.1/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.1/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/sap/debug',\n 'content/eus/rhel8/8.1/ppc64le/sap/os',\n 'content/eus/rhel8/8.1/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.1/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/appstream/debug',\n 'content/eus/rhel8/8.1/s390x/appstream/os',\n 'content/eus/rhel8/8.1/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/baseos/debug',\n 'content/eus/rhel8/8.1/s390x/baseos/os',\n 'content/eus/rhel8/8.1/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.1/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/highavailability/debug',\n 'content/eus/rhel8/8.1/s390x/highavailability/os',\n 'content/eus/rhel8/8.1/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.1/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/sap/debug',\n 'content/eus/rhel8/8.1/s390x/sap/os',\n 'content/eus/rhel8/8.1/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/s390x/supplementary/debug',\n 'content/eus/rhel8/8.1/s390x/supplementary/os',\n 'content/eus/rhel8/8.1/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/appstream/debug',\n 'content/eus/rhel8/8.1/x86_64/appstream/os',\n 'content/eus/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/baseos/debug',\n 'content/eus/rhel8/8.1/x86_64/baseos/os',\n 'content/eus/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.1/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.1/x86_64/highavailability/os',\n 'content/eus/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.1/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/sap/debug',\n 'content/eus/rhel8/8.1/x86_64/sap/os',\n 'content/eus/rhel8/8.1/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.1/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.1/x86_64/supplementary/os',\n 'content/eus/rhel8/8.1/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'pcs-0.10.2-4.el8_1.1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.2-4.el8_1.1', 'sp':'1', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:31:46", "description": "In ruby-json before 2.3.0, there is an unsafe object creation vulnerability. When parsing certain JSON documents, the json gem (including the one bundled with Ruby) can be coerced into creating arbitrary objects in the target system.\n\nFor Debian 8 'Jessie', this problem has been fixed in version 1.8.1-1+deb8u1.\n\nWe recommend that you upgrade your ruby-json packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-29T00:00:00", "type": "nessus", "title": "Debian DLA-2190-1 : ruby-json security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby-json", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2190.NASL", "href": "https://www.tenable.com/plugins/nessus/136067", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2190-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136067);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-10663\");\n\n script_name(english:\"Debian DLA-2190-1 : ruby-json security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In ruby-json before 2.3.0, there is an unsafe object creation\nvulnerability. When parsing certain JSON documents, the json gem\n(including the one bundled with Ruby) can be coerced into creating\narbitrary objects in the target system.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1.8.1-1+deb8u1.\n\nWe recommend that you upgrade your ruby-json packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby-json\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected ruby-json package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-json\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"ruby-json\", reference:\"1.8.1-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-05T15:48:04", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer over-read.(CVE-2019-19204)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16255", "CVE-2019-19204", "CVE-2020-10663"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1717.NASL", "href": "https://www.tenable.com/plugins/nessus/137936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137936);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16255\",\n \"CVE-2019-19204\",\n \"CVE-2020-10663\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2020-1717)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An issue was discovered in Oniguruma 6.x before\n 6.9.4_rc2. In the function fetch_interval_quantifier\n (formerly known as fetch_range_quantifier) in\n regparse.c, PFETCH is called without checking PEND.\n This leads to a heap-based buffer\n over-read.(CVE-2019-19204)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x\n through 2.6.4 allows code injection if the first\n argument (aka the 'command' argument) to Shell#[] or\n Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby\n method.(CVE-2019-16255)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x\n through 2.6.4 mishandles path checking within\n File.fnmatch functions.(CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7,\n 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by\n looping/backtracking. A victim must expose a WEBrick\n server that uses DigestAuth to the Internet or a\n untrusted network.(CVE-2019-16201)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1717\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d533db24\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h25\",\n \"ruby-irb-2.0.0.648-33.h25\",\n \"ruby-libs-2.0.0.648-33.h25\",\n \"rubygem-bigdecimal-1.2.0-33.h25\",\n \"rubygem-io-console-0.4.2-33.h25\",\n \"rubygem-json-1.7.7-33.h25\",\n \"rubygem-psych-2.0.0-33.h25\",\n \"rubygem-rdoc-4.0.0-33.h25\",\n \"rubygems-2.0.14.1-33.h25\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:51:12", "description": "Ruby news :\n\nCVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly\n\nAn instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.\n\nCVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives\n\nArray#pack method converts the receiver's contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-22T00:00:00", "type": "nessus", "title": "FreeBSD : ruby -- multiple vulnerabilities (afc60484-0652-440e-b01a-5ef814747f06)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2022-02-07T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_AFC604840652440EB01A5EF814747F06.NASL", "href": "https://www.tenable.com/plugins/nessus/118247", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2022 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118247);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/07\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"FreeBSD : ruby -- multiple vulnerabilities (afc60484-0652-440e-b01a-5ef814747f06)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby news :\n\nCVE-2018-16395: OpenSSL::X509::Name equality check does not work\ncorrectly\n\nAn instance of OpenSSL::X509::Name contains entities such as CN, C and\nso on. Some two instances of OpenSSL::X509::Name are equal only when\nall entities are exactly equal. However, there is a bug that the\nequality check is not correct if the value of an entity of the\nargument (right-hand side) starts with the value of the receiver\n(left-hand side). So, if a malicious X.509 certificate is passed to\ncompare with an existing certificate, there is a possibility to be\njudged incorrectly that they are equal.\n\nCVE-2018-16396: Tainted flags are not propagated in Array#pack and\nString#unpack with some directives\n\nArray#pack method converts the receiver's contents into a string with\nspecified format. If the receiver contains some tainted objects, the\nreturned string also should be tainted. String#unpack method which\nconverts the receiver into an array also should propagate its tainted\nflag to the objects contained in the returned array. But, with B, b, H\nand h directives, the tainted flags are not propagated. So, if a\nscript processes unreliable inputs by Array#pack and/or String#unpack\nwith these directives and checks the reliability with tainted flags,\nthe check might be wrong.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/\"\n );\n # https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cb277f6\"\n );\n # https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ea53be8\"\n );\n # https://vuxml.freebsd.org/freebsd/afc60484-0652-440e-b01a-5ef814747f06.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?60c17970\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16395\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.3.0,1<2.3.8,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.4.0,1<2.4.5,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.5.0,1<2.5.2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:17", "description": "CVE-2018-16395 Fix for OpenSSL::X509::Name equality check.\n\nCVE-2018-16396 Tainted flags are not propagated in Array#pack and String#unpack with some directives.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.1.5-2+deb8u6.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-10-29T00:00:00", "type": "nessus", "title": "Debian DLA-1558-1 : ruby2.1 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1-dev", "p-cpe:/a:debian:debian_linux:ruby2.1-doc", "p-cpe:/a:debian:debian_linux:ruby2.1-tcltk", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1558.NASL", "href": "https://www.tenable.com/plugins/nessus/118471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1558-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118471);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"Debian DLA-1558-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2018-16395 Fix for OpenSSL::X509::Name equality check.\n\nCVE-2018-16396 Tainted flags are not propagated in Array#pack and\nString#unpack with some directives.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u6.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/10/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u6\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:52:21", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2018-16395 Tyler Eckstein reported that the equality check of OpenSSL::X509::Name could return true for non-equal objects. If a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.\n\n - CVE-2018-16396 Chris Seaton discovered that tainted flags are not propagated in Array#pack and String#unpack with some directives.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-05T00:00:00", "type": "nessus", "title": "Debian DSA-4332-1 : ruby2.3 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2021-04-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby2.3", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4332.NASL", "href": "https://www.tenable.com/plugins/nessus/118721", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4332. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118721);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/29\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n script_xref(name:\"DSA\", value:\"4332\");\n\n script_name(english:\"Debian DSA-4332-1 : ruby2.3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems :\n\n - CVE-2018-16395\n Tyler Eckstein reported that the equality check of\n OpenSSL::X509::Name could return true for non-equal\n objects. If a malicious X.509 certificate is passed to\n compare with an existing certificate, there is a\n possibility to be judged incorrectly that they are\n equal.\n\n - CVE-2018-16396\n Chris Seaton discovered that tainted flags are not\n propagated in Array#pack and String#unpack with some\n directives.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ruby2.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby2.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4332\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ruby2.3 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.3.3-1+deb9u4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libruby2.3\", reference:\"2.3.3-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3\", reference:\"2.3.3-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-dev\", reference:\"2.3.3-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-doc\", reference:\"2.3.3-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-tcltk\", reference:\"2.3.3-1+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:13", "description": "An update of the rubygem package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Rubygem PHSA-2019-2.0-0130", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:rubygem", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0130_RUBYGEM.NASL", "href": "https://www.tenable.com/plugins/nessus/122897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0130. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122897);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/04\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"Photon OS 2.0: Rubygem PHSA-2019-2.0-0130\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the rubygem package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-130.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16395\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rubygem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rubygem-concurrent-ruby-1.0.5-2.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rubygem-libxml-ruby-3.0.0-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rubygem-yajl-ruby-1.4.0-2.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:51:25", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Ruby PHSA-2019-2.0-0130", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2020-02-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0130_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/122896", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0130. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122896);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/02/04\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"Photon OS 2.0: Ruby PHSA-2019-2.0-0130\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-130.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16395\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ruby-2.5.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ruby-apparmor-2.13-4.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"ruby-debuginfo-2.5.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:45", "description": "An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)\n\nAn issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.(CVE-2018-16396)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-12-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby23 / ruby24 (ALAS-2018-1113)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2020-06-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby23", "p-cpe:/a:amazon:linux:ruby23-debuginfo", "p-cpe:/a:amazon:linux:ruby23-devel", "p-cpe:/a:amazon:linux:ruby23-doc", "p-cpe:/a:amazon:linux:ruby23-irb", "p-cpe:/a:amazon:linux:ruby23-libs", "p-cpe:/a:amazon:linux:ruby24", "p-cpe:/a:amazon:linux:ruby24-debuginfo", "p-cpe:/a:amazon:linux:ruby24-devel", "p-cpe:/a:amazon:linux:ruby24-doc", "p-cpe:/a:amazon:linux:ruby24-irb", "p-cpe:/a:amazon:linux:ruby24-libs", "p-cpe:/a:amazon:linux:rubygem23-bigdecimal", "p-cpe:/a:amazon:linux:rubygem23-did_you_mean", "p-cpe:/a:amazon:linux:rubygem23-io-console", "p-cpe:/a:amazon:linux:rubygem23-json", "p-cpe:/a:amazon:linux:rubygem23-psych", "p-cpe:/a:amazon:linux:rubygem24-bigdecimal", "p-cpe:/a:amazon:linux:rubygem24-did_you_mean", "p-cpe:/a:amazon:linux:rubygem24-io-console", "p-cpe:/a:amazon:linux:rubygem24-json", "p-cpe:/a:amazon:linux:rubygem24-psych", "p-cpe:/a:amazon:linux:rubygem24-xmlrpc", "p-cpe:/a:amazon:linux:rubygems23", "p-cpe:/a:amazon:linux:rubygems23-devel", "p-cpe:/a:amazon:linux:rubygems24", "p-cpe:/a:amazon:linux:rubygems24-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2018-1113.NASL", "href": "https://www.tenable.com/plugins/nessus/119472", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1113.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119472);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/09\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n script_xref(name:\"ALAS\", value:\"2018-1113\");\n\n script_name(english:\"Amazon Linux AMI : ruby23 / ruby24 (ALAS-2018-1113)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An issue was discovered in the OpenSSL library in Ruby before 2.3.8,\n2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n2.6.0-preview3. When two OpenSSL::X509::Name objects are compared\nusing ==, depending on the ordering, non-equal objects may return\ntrue. When the first argument is one character longer than the second,\nor the second argument contains a character that is one less than a\ncharacter in the same position of the first argument, the result of ==\nwill be true. This could be leveraged to create an illegitimate\ncertificate that may be accepted as legitimate and then used in\nsigning or encryption operations.(CVE-2018-16395)\n\nAn issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5,\n2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint\nstrings that result from unpacking tainted strings with some\nformats.(CVE-2018-16396)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-1113.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update ruby23' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-debuginfo-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-devel-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-doc-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-irb-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-libs-2.3.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-debuginfo-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-devel-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-doc-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-irb-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-libs-2.4.5-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-bigdecimal-1.2.8-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-did_you_mean-1.0.0-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-io-console-0.4.5-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-json-1.8.3.1-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-psych-2.1.0.1-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-bigdecimal-1.3.2-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-did_you_mean-1.1.0-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-io-console-0.4.6-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-json-2.0.4-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-psych-2.2.2-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-xmlrpc-0.2.1-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-2.5.2.3-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-devel-2.5.2.3-1.20.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-2.6.14.3-1.30.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-devel-2.6.14.3-1.30.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby23 / ruby23-debuginfo / ruby23-devel / ruby23-doc / ruby23-irb / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:13", "description": "An update of the rubygem package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Rubygem PHSA-2019-1.0-0205", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:rubygem", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0205_RUBYGEM.NASL", "href": "https://www.tenable.com/plugins/nessus/122904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0205. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122904);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"Photon OS 1.0: Rubygem PHSA-2019-1.0-0205\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the rubygem package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-205.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16395\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rubygem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rubygem-libxml-ruby-3.0.0-3.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:50:15", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby PHSA-2019-1.0-0205", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0205_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/122903", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0205. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122903);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2018-16395\", \"CVE-2018-16396\");\n\n script_name(english:\"Photon OS 1.0: Ruby PHSA-2019-1.0-0205\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-205.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16395\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ruby-2.5.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ruby-debuginfo-2.5.3-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:07", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.(CVE-2018-16396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1341)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1341.NASL", "href": "https://www.tenable.com/plugins/nessus/124627", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124627);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16395\",\n \"CVE-2018-16396\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : ruby (EulerOS-SA-2019-1341)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the OpenSSL library in Ruby\n before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2,\n and 2.6.x before 2.6.0-preview3. When two\n OpenSSL::X509::Name objects are compared using ==,\n depending on the ordering, non-equal objects may return\n true. When the first argument is one character longer\n than the second, or the second argument contains a\n character that is one less than a character in the same\n position of the first argument, the result of == will\n be true. This could be leveraged to create an\n illegitimate certificate that may be accepted as\n legitimate and then used in signing or encryption\n operations.(CVE-2018-16395)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x\n before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n 2.6.0-preview3. It does not taint strings that result\n from unpacking tainted strings with some\n formats.(CVE-2018-16396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1341\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1a133b91\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h12.eulerosv2r7\",\n \"ruby-irb-2.0.0.648-33.h12.eulerosv2r7\",\n \"ruby-libs-2.0.0.648-33.h12.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:27:07", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.(CVE-2018-16396)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : ruby (EulerOS-SA-2019-1340)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1340.NASL", "href": "https://www.tenable.com/plugins/nessus/124626", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124626);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16395\",\n \"CVE-2018-16396\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : ruby (EulerOS-SA-2019-1340)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An issue was discovered in the OpenSSL library in Ruby\n before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2,\n and 2.6.x before 2.6.0-preview3. When two\n OpenSSL::X509::Name objects are compared using ==,\n depending on the ordering, non-equal objects may return\n true. When the first argument is one character longer\n than the second, or the second argument contains a\n character that is one less than a character in the same\n position of the first argument, the result of == will\n be true. This could be leveraged to create an\n illegitimate certificate that may be accepted as\n legitimate and then used in signing or encryption\n operations.(CVE-2018-16395)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x\n before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n 2.6.0-preview3. It does not taint strings that result\n from unpacking tainted strings with some\n formats.(CVE-2018-16396)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1340\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b5316d12\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h11\",\n \"ruby-irb-2.0.0.648-33.h11\",\n \"ruby-libs-2.0.0.648-33.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:44:32", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network.(CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.(CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions.(CVE-2019-15845)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the 'command' argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.(CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2139.NASL", "href": "https://www.tenable.com/plugins/nessus/140906", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140906);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : ruby (EulerOS-SA-2020-2139)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7,\n 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by\n looping/backtracking. A victim must expose a WEBrick\n server that uses DigestAuth to the Internet or a\n untrusted network.(CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x\n through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the\n response header, an attacker can exploit it to insert a\n newline character to split a header, and inject\n malicious content to deceive clients. NOTE: this issue\n exists because of an incomplete fix for CVE-2017-17742,\n which addressed the CRLF vector, but did not address an\n isolated CR or an isolated LF.(CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x\n through 2.6.4 mishandles path checking within\n File.fnmatch functions.(CVE-2019-15845)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x\n through 2.6.4 allows code injection if the first\n argument (aka the 'command' argument) to Shell#[] or\n Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby\n method.(CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby\n 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability.\n This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby.\n Specifically, use of JSON parsing methods can lead to\n creation of a malicious object within the interpreter,\n with adverse effects that are\n application-dependent.(CVE-2020-10663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2139\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2ad10b27\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h18\",\n \"ruby-irb-2.0.0.648-33.h18\",\n \"ruby-libs-2.0.0.648-33.h18\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-18T14:34:34", "description": "Ruby 1.8 was updated to fix a XML entity expansion denial of service attack (CVE-2013-1821)\n\nRuby 1.9 was updated to 1.9.3 p392, fixing the same security issues and also :\n\n - update json intree to 1.5.5: Denial of Service and Unsafe Object Creation Vulnerability in JSON CVE-2013-0269\n\n - limit entity expansion text limit to 10kB CVE-2013-1821\n\n - get rid of a SEGV when calling rb_iter_break() from some extention libraries.\n\n - some warning suppressed and smaller fixes", "cvss3": {}, "published": "2014-06-13T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2013-1821"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby", "p-cpe:/a:novell:opensuse:ruby-common", "p-cpe:/a:novell:opensuse:ruby-debuginfo", "p-cpe:/a:novell:opensuse:ruby-debugsource", "p-cpe:/a:novell:opensuse:ruby-devel", "p-cpe:/a:novell:opensuse:ruby-doc-html", "p-cpe:/a:novell:opensuse:ruby-doc-ri", "p-cpe:/a:novell:opensuse:ruby-examples", "p-cpe:/a:novell:opensuse:ruby-test-suite", "p-cpe:/a:novell:opensuse:ruby-tk", "p-cpe:/a:novell:opensuse:ruby-tk-debuginfo", "p-cpe:/a:novell:opensuse:ruby19", "p-cpe:/a:novell:opensuse:ruby19-debuginfo", "p-cpe:/a:novell:opensuse:ruby19-debugsource", "p-cpe:/a:novell:opensuse:ruby19-devel", "p-cpe:/a:novell:opensuse:ruby19-devel-extra", "p-cpe:/a:novell:opensuse:ruby19-doc-ri", "p-cpe:/a:novell:opensuse:ruby19-tk", "p-cpe:/a:novell:opensuse:ruby19-tk-debuginfo", "cpe:/o:novell:opensuse:12.1", "cpe:/o:novell:opensuse:12.2", "cpe:/o:novell:opensuse:12.3"], "id": "OPENSUSE-2013-298.NASL", "href": "https://www.tenable.com/plugins/nessus/74955", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-298.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74955);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-0269\", \"CVE-2013-1821\");\n\n script_name(english:\"openSUSE Security Update : ruby (openSUSE-SU-2013:0603-1)\");\n script_summary(english:\"Check for the openSUSE-2013-298 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby 1.8 was updated to fix a XML entity expansion denial of service\nattack (CVE-2013-1821)\n\nRuby 1.9 was updated to 1.9.3 p392, fixing the same security issues\nand also :\n\n - update json intree to 1.5.5: Denial of Service and\n Unsafe Object Creation Vulnerability in JSON\n CVE-2013-0269\n\n - limit entity expansion text limit to 10kB CVE-2013-1821\n\n - get rid of a SEGV when calling rb_iter_break() from some\n extention libraries.\n\n - some warning suppressed and smaller fixes\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=803342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=808137\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-test-suite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1|SUSE12\\.2|SUSE12\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1 / 12.2 / 12.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-debuginfo-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-debugsource-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-devel-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-doc-html-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-doc-ri-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-examples-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-test-suite-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-tk-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"ruby-tk-debuginfo-1.8.7.p357-2.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby-1.9.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby-common-1.9.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby-devel-1.9.3-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-debuginfo-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-debugsource-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-devel-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-devel-extra-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-doc-ri-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-tk-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-tk-debuginfo-1.9.3.p392-3.22.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby-1.9.3-15.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby-devel-1.9.3-15.2.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-debuginfo-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-debugsource-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-devel-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-devel-extra-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-doc-ri-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-tk-1.9.3.p392-1.5.2\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-tk-debuginfo-1.9.3.p392-1.5.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:53:56", "description": "Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix two security issues are now available for Red Hat OpenShift Enterprise 1.1.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.\n\nA flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. (CVE-2013-0269)\n\nIt was found that documentation created by rubygem-rdoc and ruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS) attack. If such documentation was accessible over a network, and a remote attacker could trick a user into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used for creating documentation for Ruby source files (such as classes, modules, and so on), it is not a common scenario to make such documentation accessible over the network. (CVE-2013-0256)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting CVE-2013-0269, and Eric Hodel of RDoc upstream for reporting CVE-2013-0256. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the original reporters of CVE-2013-0269, and Evgeny Ermakov as the original reporter of CVE-2013-0256.\n\nUsers of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these updated packages, which correct these issues.", "cvss3": {}, "published": "2018-12-06T00:00:00", "type": "nessus", "title": "RHEL 6 : ruby193-ruby, rubygem-json and rubygem-rdoc (RHSA-2013:0701)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0256", "CVE-2013-0269"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ruby193-ruby", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems", "p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-json-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc-doc", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0701.NASL", "href": "https://www.tenable.com/plugins/nessus/119437", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0701. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119437);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0256\", \"CVE-2013-0269\");\n script_bugtraq_id(57785, 57899);\n script_xref(name:\"RHSA\", value:\"2013:0701\");\n\n script_name(english:\"RHEL 6 : ruby193-ruby, rubygem-json and rubygem-rdoc (RHSA-2013:0701)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated ruby193-ruby, rubygem-json and rubygem-rdoc packages that fix\ntwo security issues are now available for Red Hat OpenShift Enterprise\n1.1.3.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nA flaw in rubygem-json and ruby193-rubygem-json allowed remote attacks\nby creating different types of malicious objects. For example, it\ncould initiate a denial of service attack through resource consumption\nby using a JSON document to create arbitrary Ruby symbols, which were\nnever garbage collected. It could also be exploited to create internal\nobjects which could allow a SQL injection attack. (CVE-2013-0269)\n\nIt was found that documentation created by rubygem-rdoc and\nruby193-rubygem-rdoc was vulnerable to a cross-site scripting (XSS)\nattack. If such documentation was accessible over a network, and a\nremote attacker could trick a user into visiting a specially crafted\nURL, it would lead to arbitrary web script execution in the context of\nthe user's session. As rubygem-rdoc and ruby193-rubygem-rdoc are used\nfor creating documentation for Ruby source files (such as classes,\nmodules, and so on), it is not a common scenario to make such\ndocumentation accessible over the network. (CVE-2013-0256)\n\nRed Hat would like to thank Ruby on Rails upstream for reporting\nCVE-2013-0269, and Eric Hodel of RDoc upstream for reporting\nCVE-2013-0256. Upstream acknowledges Thomas Hollstegge of Zweitag and\nBen Murphy as the original reporters of CVE-2013-0269, and Evgeny\nErmakov as the original reporter of CVE-2013-0256.\n\nUsers of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to\nthese updated packages, which correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0701\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-0269\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0701\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-debuginfo-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-devel-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-doc-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-ruby-irb-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-libs-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-ruby-tcltk-1.9.3.327-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-bigdecimal-1.1.0-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-io-console-0.3-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-json-1.5.4-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-minitest-2.5.1-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygem-rake-0.9.2.2-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby193-rubygem-rdoc-3.9.4-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygems-1.8.23-28.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"ruby193-rubygems-devel-1.8.23-28.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-1.7\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.3-2.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-debuginfo-1.7\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-debuginfo-1.7.3-2.el6\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-doc-1.7\", release:\"RHEL6\") && rpm_check(release:\"RHEL6\", reference:\"rubygem-json-doc-1.7.3-2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rdoc-3.8-9.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"rubygem-rdoc-doc-3.8-9.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby193-ruby / ruby193-ruby-debuginfo / ruby193-ruby-devel / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:43:57", "description": "New ruby packages are available for Slackware 13.1, 13.37, 14.0, and\n-current to fix security issues.", "cvss3": {}, "published": "2013-03-17T00:00:00", "type": "nessus", "title": "Slackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2013-075-01)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2013-1821"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:ruby", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0"], "id": "SLACKWARE_SSA_2013-075-01.NASL", "href": "https://www.tenable.com/plugins/nessus/65583", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-075-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65583);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-0269\", \"CVE-2013-1821\");\n script_bugtraq_id(57899, 58141);\n script_xref(name:\"SSA\", value:\"2013-075-01\");\n\n script_name(english:\"Slackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2013-075-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 13.1, 13.37, 14.0, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?091d35a6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.1\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p392\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-25T14:37:25", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language.\n\n - CVE-2020-10663 Jeremy Evans reported an unsafe object creation vulnerability in the json gem bundled with Ruby. When parsing certain JSON documents, the json gem can be coerced into creating arbitrary objects in the target system.\n\n - CVE-2020-10933 Samuel Williams reported a flaw in the socket library which may lead to exposure of possibly sensitive data from the interpreter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-07-09T00:00:00", "type": "nessus", "title": "Debian DSA-4721-1 : ruby2.5 - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby2.5", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4721.NASL", "href": "https://www.tenable.com/plugins/nessus/138227", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4721. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138227);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n script_xref(name:\"DSA\", value:\"4721\");\n\n script_name(english:\"Debian DSA-4721-1 : ruby2.5 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language.\n\n - CVE-2020-10663\n Jeremy Evans reported an unsafe object creation\n vulnerability in the json gem bundled with Ruby. When\n parsing certain JSON documents, the json gem can be\n coerced into creating arbitrary objects in the target\n system.\n\n - CVE-2020-10933\n Samuel Williams reported a flaw in the socket library\n which may lead to exposure of possibly sensitive data\n from the interpreter.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2020-10933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ruby2.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/ruby2.5\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4721\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the ruby2.5 packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2.5.5-3+deb10u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"libruby2.5\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5-dev\", reference:\"2.5.5-3+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby2.5-doc\", reference:\"2.5.5-3+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:28", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-18T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby PHSA-2020-1.0-0294", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0294_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/136693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0294. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136693);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"Photon OS 1.0: Ruby PHSA-2020-1.0-0294\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-294.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"ruby-2.5.8-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-24T14:22:05", "description": "Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-22T00:00:00", "type": "nessus", "title": "Fedora 31 : ruby (2020-a95706b117)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ruby", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-A95706B117.NASL", "href": "https://www.tenable.com/plugins/nessus/136781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-a95706b117.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136781);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n script_xref(name:\"FEDORA\", value:\"2020-a95706b117\");\n\n script_name(english:\"Fedora 31 : ruby (2020-a95706b117)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Update to Ruby 2.6.6. Also fixes CVE-2020-10933 and CVE-2020-10663.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a95706b117\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"ruby-2.6.6-125.fc31\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:19", "description": "This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\n - CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244).\n\n - CVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938).\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-04T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ruby2.5 (openSUSE-2020-586)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libruby2_5-2_5", "p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5", "p-cpe:/a:novell:opensuse:ruby2.5-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.5-debugsource", "p-cpe:/a:novell:opensuse:ruby2.5-devel", "p-cpe:/a:novell:opensuse:ruby2.5-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.5-doc-ri", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib", "p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-586.NASL", "href": "https://www.tenable.com/plugins/nessus/136309", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-586.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136309);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/16\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"openSUSE Security Update : ruby2.5 (openSUSE-2020-586)\");\n script_summary(english:\"Check for the openSUSE-2020-586 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\n - CVE-2020-10663: Unsafe Object Creation Vulnerability in\n JSON (bsc#1167244).\n\n - CVE-2020-10933: Heap exposure vulnerability in the\n socket library (bsc#1168938).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168938\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected ruby2.5 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-debugsource-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-devel-extra-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-doc-ri-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-2.5.8-lp151.4.9.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-lp151.4.9.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby2_5-2_5 / libruby2_5-2_5-debuginfo / ruby2.5 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:31:51", "description": "This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\nCVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (bsc#1167244).\n\nCVE-2020-10933: Heap exposure vulnerability in the socket library (bsc#1168938).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-04-16T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libruby2_5", "p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.5", "p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.5-debugsource", "p-cpe:/a:novell:suse_linux:ruby2.5-devel", "p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra", "p-cpe:/a:novell:suse_linux:ruby2.5-doc", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib", "p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-0995-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0995-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135671);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : ruby2.5 (SUSE-SU-2020:0995-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for ruby2.5 to version 2.5.8 fixes the following issues :\n\nCVE-2020-10663: Unsafe Object Creation Vulnerability in JSON\n(bsc#1167244).\n\nCVE-2020-10933: Heap exposure vulnerability in the socket library\n(bsc#1168938).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10663/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10933/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200995-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?99ee8ee0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-995=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2020-995=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_5-2_5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.5-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"libruby2_5-2_5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debuginfo-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-debugsource-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-devel-extra-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-doc-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-2.5.8-4.11.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"ruby2.5-stdlib-debuginfo-2.5.8-4.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-01-25T14:34:18", "description": "An update of the ruby package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-13T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Ruby PHSA-2020-3.0-0089", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10663", "CVE-2020-10933"], "modified": "2022-05-13T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0089_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/136581", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0089. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136581);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\"CVE-2020-10663\", \"CVE-2020-10933\");\n\n script_name(english:\"Photon OS 3.0: Ruby PHSA-2020-3.0-0089\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-89.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-10933\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-10663\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", cpu:\"x86_64\", reference:\"ruby-2.5.8-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-03-05T15:51:00", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.\n\n - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation Vulnerability. (CVE-2013-0269)\n\n - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.\n (CVE-2015-9251)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-08-31T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby24 (ALAS-2020-1422)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6708", "CVE-2013-0269", "CVE-2015-9251", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663"], "modified": "2022-05-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby24", "p-cpe:/a:amazon:linux:ruby24-debuginfo", "p-cpe:/a:amazon:linux:ruby24-devel", "p-cpe:/a:amazon:linux:ruby24-doc", "p-cpe:/a:amazon:linux:ruby24-irb", "p-cpe:/a:amazon:linux:ruby24-libs", "p-cpe:/a:amazon:linux:rubygem24-bigdecimal", "p-cpe:/a:amazon:linux:rubygem24-did_you_mean", "p-cpe:/a:amazon:linux:rubygem24-io-console", "p-cpe:/a:amazon:linux:rubygem24-json", "p-cpe:/a:amazon:linux:rubygem24-minitest5", "p-cpe:/a:amazon:linux:rubygem24-net-telnet", "p-cpe:/a:amazon:linux:rubygem24-power_assert", "p-cpe:/a:amazon:linux:rubygem24-psych", "p-cpe:/a:amazon:linux:rubygem24-rdoc", "p-cpe:/a:amazon:linux:rubygem24-test-unit", "p-cpe:/a:amazon:linux:rubygem24-xmlrpc", "p-cpe:/a:amazon:linux:rubygems24", "p-cpe:/a:amazon:linux:rubygems24-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1422.NASL", "href": "https://www.tenable.com/plugins/nessus/140096", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1422.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140096);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/12\");\n\n script_cve_id(\n \"CVE-2012-6708\",\n \"CVE-2013-0269\",\n \"CVE-2015-9251\",\n \"CVE-2017-17742\",\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\"\n );\n script_bugtraq_id(\n 57899,\n 102792,\n 103684,\n 105658\n );\n script_xref(name:\"ALAS\", value:\"2020-1422\");\n\n script_name(english:\"Amazon Linux AMI : ruby24 (ALAS-2020-1422)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by\nmultiple vulnerabilities as referenced in the ALAS-2020-1422 advisory.\n\n - jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function\n does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery\n determined whether the input was HTML by looking for the '<' character anywhere in the string, giving\n attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery\n only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability\n only to attackers who can control the beginning of a string, which is far less common. (CVE-2012-6708)\n\n - The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to\n cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a\n crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as\n demonstrated by conducting a SQL injection attack against Ruby on Rails, aka Unsafe Object Creation\n Vulnerability. (CVE-2013-0269)\n\n - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request\n is performed without the dataType option, causing text/javascript responses to be executed.\n (CVE-2015-9251)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows\n an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response\n for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1422.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2012-6708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2015-9251\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16201\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-10663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ruby24' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-0269\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/02/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-minitest5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-net-telnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-power_assert\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-test-unit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-debuginfo-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-devel-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'ruby24-doc-2.4.10-2.12.amzn1', 'release':'ALA'},\n {'reference':'ruby24-irb-2.4.10-2.12.amzn1', 'release':'ALA'},\n {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'ruby24-libs-2.4.10-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-bigdecimal-1.3.2-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-did_you_mean-1.1.0-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-io-console-0.4.6-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-json-2.0.4-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-minitest5-5.10.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-net-telnet-0.1.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-power_assert-0.4.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-psych-2.2.2-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygem24-rdoc-5.0.1-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-test-unit-3.2.3-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'i686', 'release':'ALA'},\n {'reference':'rubygem24-xmlrpc-0.2.1-2.12.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'rubygems24-2.6.14.4-2.12.amzn1', 'release':'ALA'},\n {'reference':'rubygems24-devel-2.6.14.4-2.12.amzn1', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby24 / ruby24-debuginfo / ruby24-devel / etc\");\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T14:42:03", "description": "Jean-Philippe Aumasson discovered that Ruby incorrectly generated predictable hash values. An attacker could use this issue to generate hash collisions and cause a denial of service. (CVE-2012-5371)\n\nEvgeny Ermakov discovered that documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.\n(CVE-2013-0256)\n\nThomas Hollstegge and Ben Murphy discovered that the JSON implementation in Ruby incorrectly handled certain crafted documents.\nAn attacker could use this issue to cause a denial of service or bypass certain protection mechanisms. (CVE-2013-0269).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2013-02-22T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-5371", "CVE-2013-0256", "CVE-2013-0269"], "modified": "2019-09-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-1733-1.NASL", "href": "https://www.tenable.com/plugins/nessus/64799", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1733-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64799);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-5371\", \"CVE-2013-0256\", \"CVE-2013-0269\");\n script_bugtraq_id(56484, 57785, 57899);\n script_xref(name:\"USN\", value:\"1733-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 : ruby1.9.1 vulnerabilities (USN-1733-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jean-Philippe Aumasson discovered that Ruby incorrectly generated\npredictable hash values. An attacker could use this issue to generate\nhash collisions and cause a denial of service. (CVE-2012-5371)\n\nEvgeny Ermakov discovered that documentation generated by rdoc is\nvulnerable to a cross-site scripting issue. With cross-site scripting\nvulnerabilities, if a user were tricked into viewing a specially\ncrafted page, a remote attacker could exploit this to modify the\ncontents, or steal confidential data, within the same domain.\n(CVE-2013-0256)\n\nThomas Hollstegge and Ben Murphy discovered that the JSON\nimplementation in Ruby incorrectly handled certain crafted documents.\nAn attacker could use this issue to cause a denial of service or\nbypass certain protection mechanisms. (CVE-2013-0269).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1733-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libruby1.9.1 and / or ruby1.9.1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libruby1.9.1\", pkgver:\"1.9.3.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"ruby1.9.1\", pkgver:\"1.9.3.0-1ubuntu2.5\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libruby1.9.1\", pkgver:\"1.9.3.194-1ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"ruby1.9.1\", pkgver:\"1.9.3.194-1ubuntu1.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.9.1 / ruby1.9.1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:58:22", "description": "Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1.\n\nCVE-2012-5371\n\nJean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a denial of service (CPU consumption). This is a different vulnerability than CVE-2011-4815.\n\nCVE-2013-0269\n\nThomas Hollstegge and Ben Murphy found that the JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects.\n\nFor the squeeze distribution, theses vulnerabilities have been fixed in version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you upgrade your ruby1.9.1 package.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-07-02T00:00:00", "type": "nessus", "title": "Debian DLA-263-1 : ruby1.9.1 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4815", "CVE-2012-5371", "CVE-2013-0269"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby1.9.1", "p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg", "p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1", "p-cpe:/a:debian:debian_linux:ri1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1-dev", "p-cpe:/a:debian:debian_linux:ruby1.9.1-elisp", "p-cpe:/a:debian:debian_linux:ruby1.9.1-examples", "p-cpe:/a:debian:debian_linux:ruby1.9.1-full", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-263.NASL", "href": "https://www.tenable.com/plugins/nessus/84494", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-263-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84494);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-5371\", \"CVE-2013-0269\");\n script_bugtraq_id(56484, 57899);\n\n script_name(english:\"Debian DLA-263-1 : ruby1.9.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two vulnerabilities were identified in the Ruby language interpreter,\nversion 1.9.1.\n\nCVE-2012-5371\n\nJean-Philippe Aumasson identified that Ruby computed hash values\nwithout properly restricting the ability to trigger hash collisions\npredictably, allowing context-dependent attackers to cause a denial of\nservice (CPU consumption). This is a different vulnerability than\nCVE-2011-4815.\n\nCVE-2013-0269\n\nThomas Hollstegge and Ben Murphy found that the JSON gem for Ruby\nallowed remote attackers to cause a denial of service (resource\nconsumption) or bypass the mass assignment protection mechanism via a\ncrafted JSON document that triggers the creation of arbitrary Ruby\nsymbols or certain internal objects.\n\nFor the squeeze distribution, theses vulnerabilities have been fixed\nin version 1.9.2.0-2+deb6u5 of ruby1.9.1. We recommend that you\nupgrade your ruby1.9.1 package.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/07/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/ruby1.9.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ri1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-full\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libruby1.9.1\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libruby1.9.1-dbg\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libtcltk-ruby1.9.1\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ri1.9.1\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ruby1.9.1\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ruby1.9.1-dev\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ruby1.9.1-elisp\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ruby1.9.1-examples\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"ruby1.9.1-full\", reference:\"1.9.2.0-2+deb6u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-06T14:25:49", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2587 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2021-07-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:ruby", "p-cpe:/a:oracle:linux:ruby-devel", "p-cpe:/a:oracle:linux:ruby-doc", "p-cpe:/a:oracle:linux:ruby-irb", "p-cpe:/a:oracle:linux:ruby-libs", "p-cpe:/a:oracle:linux:rubygem-abrt", "p-cpe:/a:oracle:linux:rubygem-abrt-doc", "p-cpe:/a:oracle:linux:rubygem-bigdecimal", "p-cpe:/a:oracle:linux:rubygem-bson", "p-cpe:/a:oracle:linux:rubygem-bson-doc", "p-cpe:/a:oracle:linux:rubygem-bundler", "p-cpe:/a:oracle:linux:rubygem-bundler-doc", "p-cpe:/a:oracle:linux:rubygem-did_you_mean", "p-cpe:/a:oracle:linux:rubygem-io-console", "p-cpe:/a:oracle:linux:rubygem-json", "p-cpe:/a:oracle:linux:rubygem-minitest", "p-cpe:/a:oracle:linux:rubygem-mongo", "p-cpe:/a:oracle:linux:rubygem-mongo-doc", "p-cpe:/a:oracle:linux:rubygem-mysql2", "p-cpe:/a:oracle:linux:rubygem-mysql2-doc", "p-cpe:/a:oracle:linux:rubygem-net-telnet", "p-cpe:/a:oracle:linux:rubygem-openssl", "p-cpe:/a:oracle:linux:rubygem-pg", "p-cpe:/a:oracle:linux:rubygem-pg-doc", "p-cpe:/a:oracle:linux:rubygem-power_assert", "p-cpe:/a:oracle:linux:rubygem-psych", "p-cpe:/a:oracle:linux:rubygem-rake", "p-cpe:/a:oracle:linux:rubygem-rdoc", "p-cpe:/a:oracle:linux:rubygem-test-unit", "p-cpe:/a:oracle:linux:rubygem-xmlrpc", "p-cpe:/a:oracle:linux:rubygems", "p-cpe:/a:oracle:linux:rubygems-devel"], "id": "ORACLELINUX_ELSA-2021-2587.NASL", "href": "https://www.tenable.com/plugins/nessus/151284", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2587.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151284);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\",\n \"CVE-2020-10933\",\n \"CVE-2020-25613\",\n \"CVE-2021-28965\"\n );\n\n script_name(english:\"Oracle Linux 8 : ruby:2.5 (ELSA-2021-2587)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2587 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not\n properly address XML round-trip issues. An incorrect document can be produced after parsing and\n serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2587.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bundler-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-net-telnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-pg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-power_assert\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-test-unit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/ruby');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.5');\nif ('2.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module ruby:' + module_ver);\n\nappstreams = {\n 'ruby:2.5': [\n {'reference':'ruby-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.5.9-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.5.9-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.5.9-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.3.4-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.3.0+7756+e45777e9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.3.0+7756+e45777e9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-doc-4.3.0-2.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-1.16.1-3.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-did_you_mean-1.2.0-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.6-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-5.10.3-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.5.1-2.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.3.0+7756+e45777e9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.3.0+7756+e45777e9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-net-telnet-0.1.1-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.3.0+7756+e45777e9', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.3.0+7756+e45777e9', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-doc-1.0.0-2.module+el8.3.0+7756+e45777e9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-power_assert-1.1.1-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.0.2-107.module+el8.4.0+20203+c00aa653', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-12.3.3-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-6.0.1.1-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-test-unit-3.2.7-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-xmlrpc-0.3.0-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.7.6.3-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.7.6.3-107.module+el8.4.0+20203+c00aa653', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.5');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-04T15:02:14", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2587 advisory.\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:pcs", "p-cpe:/a:rocky:linux:pcs-snmp", "p-cpe:/a:rocky:linux:rubygem-abrt", "p-cpe:/a:rocky:linux:rubygem-abrt-doc", "p-cpe:/a:rocky:linux:rubygem-bson", "p-cpe:/a:rocky:linux:rubygem-bson-debuginfo", "p-cpe:/a:rocky:linux:rubygem-bson-debugsource", "p-cpe:/a:rocky:linux:rubygem-bson-doc", "p-cpe:/a:rocky:linux:rubygem-bundler", "p-cpe:/a:rocky:linux:rubygem-bundler-doc", "p-cpe:/a:rocky:linux:rubygem-mongo", "p-cpe:/a:rocky:linux:rubygem-mongo-doc", "p-cpe:/a:rocky:linux:rubygem-mysql2", "p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo", "p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource", "p-cpe:/a:rocky:linux:rubygem-mysql2-doc", "p-cpe:/a:rocky:linux:rubygem-pg", "p-cpe:/a:rocky:linux:rubygem-pg-debuginfo", "p-cpe:/a:rocky:linux:rubygem-pg-debugsource", "p-cpe:/a:rocky:linux:rubygem-pg-doc", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-2587.NASL", "href": "https://www.tenable.com/plugins/nessus/157806", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2587.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157806);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\",\n \"CVE-2020-10933\",\n \"CVE-2020-25613\",\n \"CVE-2021-28965\"\n );\n script_xref(name:\"RLSA\", value:\"2021:2587\");\n\n script_name(english:\"Rocky Linux 8 : ruby:2.5 (RLSA-2021:2587)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:2587 advisory.\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not\n properly address XML round-trip issues. An incorrect document can be produced after parsing and\n serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1773728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1789407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1789556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1793683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1827500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1833291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1883623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1947526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1955010\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-0.3'},\n {'reference':'rubygem-abrt-0.4.0-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-0.4'},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-doc-0.3'},\n {'reference':'rubygem-abrt-doc-0.4.0-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-doc-0.4'},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.8'},\n {'reference':'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.8'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.8'},\n {'reference':'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.8'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.8'},\n {'reference':'rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.8'},\n {'reference':'rubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.3'},\n {'reference':'rubygem-bson-doc-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.5'},\n {'reference':'rubygem-bson-doc-4.8.1-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.8'},\n {'reference':'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.11.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.11'},\n {'reference':'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.5'},\n {'reference':'rubygem-mongo-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.8'},\n {'reference':'rubygem-mongo-doc-2.11.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.11'},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.5'},\n {'reference':'rubygem-mongo-doc-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.8'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.4'},\n {'reference':'rubygem-mysql2-doc-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.5'},\n {'reference':'rubygem-mysql2-doc-0.5.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.5'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.2'},\n {'reference':'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.2'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.2'},\n {'reference':'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.2'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.2'},\n {'reference':'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.2'},\n {'reference':'rubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.0'},\n {'reference':'rubygem-pg-doc-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.1'},\n {'reference':'rubygem-pg-doc-1.2.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp / rubygem-abrt / rubygem-abrt-doc / rubygem-bson / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-05T17:08:07", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2588 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. (CVE-2021-28965)\n\n - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. (CVE-2019-3881)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-07T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-3881", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2021-07-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:ruby", "p-cpe:/a:oracle:linux:ruby-devel", "p-cpe:/a:oracle:linux:ruby-doc", "p-cpe:/a:oracle:linux:ruby-libs", "p-cpe:/a:oracle:linux:rubygem-abrt", "p-cpe:/a:oracle:linux:rubygem-abrt-doc", "p-cpe:/a:oracle:linux:rubygem-bigdecimal", "p-cpe:/a:oracle:linux:rubygem-bson", "p-cpe:/a:oracle:linux:rubygem-bson-doc", "p-cpe:/a:oracle:linux:rubygem-bundler", "p-cpe:/a:oracle:linux:rubygem-did_you_mean", "p-cpe:/a:oracle:linux:rubygem-io-console", "p-cpe:/a:oracle:linux:rubygem-irb", "p-cpe:/a:oracle:linux:rubygem-json", "p-cpe:/a:oracle:linux:rubygem-minitest", "p-cpe:/a:oracle:linux:rubygem-mongo", "p-cpe:/a:oracle:linux:rubygem-mongo-doc", "p-cpe:/a:oracle:linux:rubygem-mysql2", "p-cpe:/a:oracle:linux:rubygem-mysql2-doc", "p-cpe:/a:oracle:linux:rubygem-net-telnet", "p-cpe:/a:oracle:linux:rubygem-openssl", "p-cpe:/a:oracle:linux:rubygem-pg", "p-cpe:/a:oracle:linux:rubygem-pg-doc", "p-cpe:/a:oracle:linux:rubygem-power_assert", "p-cpe:/a:oracle:linux:rubygem-psych", "p-cpe:/a:oracle:linux:rubygem-rake", "p-cpe:/a:oracle:linux:rubygem-rdoc", "p-cpe:/a:oracle:linux:rubygem-test-unit", "p-cpe:/a:oracle:linux:rubygem-xmlrpc", "p-cpe:/a:oracle:linux:rubygems", "p-cpe:/a:oracle:linux:rubygems-devel"], "id": "ORACLELINUX_ELSA-2021-2588.NASL", "href": "https://www.tenable.com/plugins/nessus/151449", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2588.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151449);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/07\");\n\n script_cve_id(\n \"CVE-2019-3881\",\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\",\n \"CVE-2020-10933\",\n \"CVE-2020-25613\",\n \"CVE-2021-28965\"\n );\n\n script_name(english:\"Oracle Linux 8 : ruby:2.6 (ELSA-2021-2588)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2588 advisory.\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not\n properly address XML round-trip issues. An incorrect document can be produced after parsing and\n serializing. (CVE-2021-28965)\n\n - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage\n location for gems, if locations under the user's home directory are not available. If Bundler is used in a\n scenario where the user does not have a writable home directory, an attacker could place malicious code in\n this directory that would be later loaded and executed. (CVE-2019-3881)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2588.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-net-telnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-pg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-power_assert\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-test-unit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/ruby');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.6');\nif ('2.6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module ruby:' + module_ver);\n\nappstreams = {\n 'ruby:2.6': [\n {'reference':'ruby-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.6.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module+el8.1.0+5406+ce01f9b9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.1.0+5406+ce01f9b9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.4.1-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.4.1-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.4.1-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-doc-4.5.0-1.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-1.17.2-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-did_you_mean-1.3.0-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.7-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-irb-1.0.0-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-2.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-5.11.3-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.8.0-1.module+el8.1.0+5406+ce01f9b9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-doc-2.8.0-1.module+el8.1.0+5406+ce01f9b9', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-doc-0.5.2-1.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-net-telnet-0.2.0-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-openssl-2.1.2-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-doc-1.1.4-1.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-power_assert-1.1.3-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-3.1.0-107.module+el8.4.0+20235+1e5b8be3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-12.3.3-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-6.1.2-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-test-unit-3.2.9-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-xmlrpc-0.3.0-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-3.0.3.1-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-3.0.3.1-107.module+el8.4.0+20235+1e5b8be3', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.6');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-05T15:06:10", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:2588 advisory.\n\n - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage location for gems, if locations under the user's home directory are not available. If Bundler is used in a scenario where the user does not have a writable home directory, an attacker could place malicious code in this directory that would be later loaded and executed. (CVE-2019-3881)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application- dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip issues. An incorrect document can be produced after parsing and serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0269", "CVE-2017-17742", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-3881", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:pcs", "p-cpe:/a:rocky:linux:pcs-snmp", "p-cpe:/a:rocky:linux:rubygem-abrt", "p-cpe:/a:rocky:linux:rubygem-abrt-doc", "p-cpe:/a:rocky:linux:rubygem-bson", "p-cpe:/a:rocky:linux:rubygem-bson-debuginfo", "p-cpe:/a:rocky:linux:rubygem-bson-debugsource", "p-cpe:/a:rocky:linux:rubygem-bson-doc", "p-cpe:/a:rocky:linux:rubygem-bundler", "p-cpe:/a:rocky:linux:rubygem-bundler-doc", "p-cpe:/a:rocky:linux:rubygem-mongo", "p-cpe:/a:rocky:linux:rubygem-mongo-doc", "p-cpe:/a:rocky:linux:rubygem-mysql2", "p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo", "p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource", "p-cpe:/a:rocky:linux:rubygem-mysql2-doc", "p-cpe:/a:rocky:linux:rubygem-pg", "p-cpe:/a:rocky:linux:rubygem-pg-debuginfo", "p-cpe:/a:rocky:linux:rubygem-pg-debugsource", "p-cpe:/a:rocky:linux:rubygem-pg-doc", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2021-2588.NASL", "href": "https://www.tenable.com/plugins/nessus/157798", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2021:2588.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157798);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\n \"CVE-2019-3881\",\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\",\n \"CVE-2020-10933\",\n \"CVE-2020-25613\",\n \"CVE-2021-28965\"\n );\n script_xref(name:\"RLSA\", value:\"2021:2588\");\n\n script_name(english:\"Rocky Linux 8 : ruby:2.6 (RLSA-2021:2588)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2021:2588 advisory.\n\n - Bundler prior to 2.1.0 uses a predictable path in /tmp/, created with insecure permissions as a storage\n location for gems, if locations under the user's home directory are not available. If Bundler is used in a\n scenario where the user does not have a writable home directory, an attacker could place malicious code in\n this directory that would be later loaded and executed. (CVE-2019-3881)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 mishandles path checking within\n File.fnmatch functions. (CVE-2019-15845)\n\n - WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 has a\n regular expression Denial of Service cause by looping/backtracking. A victim must expose a WEBrick server\n that uses DigestAuth to the Internet or a untrusted network. (CVE-2019-16201)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a\n program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to\n insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this\n issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not\n address an isolated CR or an isolated LF. (CVE-2019-16254)\n\n - Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first\n argument (aka the command argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An\n attacker can exploit this to call an arbitrary Ruby method. (CVE-2019-16255)\n\n - The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through\n 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not\n rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead\n to creation of a malicious object within the interpreter, with adverse effects that are application-\n dependent. (CVE-2020-10663)\n\n - An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls\n BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit\n the requested size, but no data is copied. Thus, the buffer string provides the previous value of the\n heap. This may expose possibly sensitive data from the interpreter. (CVE-2020-10933)\n\n - An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a\n simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An\n attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header\n check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613)\n\n - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not\n properly address XML round-trip issues. An incorrect document can be produced after parsing and\n serializing. (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2021:2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1651826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1773728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1789407\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1789556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1793683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1827500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1833291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1883623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1947526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1952627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1954968\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pcs-snmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-bundler-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rubygem-pg-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pcs-snmp-0.10.8-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-0.3'},\n {'reference':'rubygem-abrt-0.4.0-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-0.4'},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-doc-0.3'},\n {'reference':'rubygem-abrt-doc-0.4.0-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-abrt-doc-0.4'},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.3'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.5'},\n {'reference':'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.8'},\n {'reference':'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-4.8'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.3'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.5'},\n {'reference':'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.8'},\n {'reference':'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debuginfo-4.8'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.3'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.5'},\n {'reference':'rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.8'},\n {'reference':'rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-debugsource-4.8'},\n {'reference':'rubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.3'},\n {'reference':'rubygem-bson-doc-4.5.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.5'},\n {'reference':'rubygem-bson-doc-4.8.1-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-bson-doc-4.8'},\n {'reference':'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module+el8.4.0+592+03ff458a', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.11.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.11'},\n {'reference':'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.5'},\n {'reference':'rubygem-mongo-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-2.8'},\n {'reference':'rubygem-mongo-doc-2.11.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.11'},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.5'},\n {'reference':'rubygem-mongo-doc-2.8.0-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mongo-doc-2.8'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.4'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.4'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debuginfo-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.4'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-debugsource-0.5'},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.4'},\n {'reference':'rubygem-mysql2-doc-0.5.2-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.5'},\n {'reference':'rubygem-mysql2-doc-0.5.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-mysql2-doc-0.5'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.0'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.1'},\n {'reference':'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.2'},\n {'reference':'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-1.2'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.0'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.1'},\n {'reference':'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.2'},\n {'reference':'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debuginfo-1.2'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.0'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.1'},\n {'reference':'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'aarch64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.2'},\n {'reference':'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a', 'cpu':'x86_64', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-debugsource-1.2'},\n {'reference':'rubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.0'},\n {'reference':'rubygem-pg-doc-1.1.4-1.module+el8.4.0+593+8d7f9f0c', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.1'},\n {'reference':'rubygem-pg-doc-1.2.3-1.module+el8.4.0+594+11b6673a', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'rubygem-pg-doc-1.2'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp / rubygem-abrt / rubygem-abrt-doc / rubygem-bson / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-01-11T15:19:59", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)\n\n - rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)\n\n - rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)\n\n - rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-1718)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16395", "CVE-2018-16396", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1718.NASL", "href": "https://www.tenable.com/plugins/nessus/126846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(126846);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-16395\",\n \"CVE-2018-16396\",\n \"CVE-2019-8322\",\n \"CVE-2019-8323\",\n \"CVE-2019-8324\",\n \"CVE-2019-8325\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2019-1718)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - rubygems: Installing a malicious gem may lead to\n arbitrary code execution (CVE-2019-8324)\n\n - rubygems: Escape sequence injection vulnerability in\n gem owner (CVE-2019-8322)\n\n - rubygems: Escape sequence injection vulnerability in\n API response handling (CVE-2019-8323)\n\n - rubygems: Escape sequence injection vulnerability in\n errors (CVE-2019-8325)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1718\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?076b6a05\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h14\",\n \"ruby-irb-2.0.0.648-33.h14\",\n \"ruby-libs-2.0.0.648-33.h14\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-26T14:39:31", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2769 advisory.\n\n - ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)\n\n - rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)\n\n - rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)\n\n - rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)\n\n - rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)\n\n - rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-06-30T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2020:2769)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16396", "CVE-2019-8321", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:2.3:o:redhat:rhel_aus:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:7.4:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:7.4:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby-tcltk:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-json:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-rake:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygems:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby-irb:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-rdoc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:ruby-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-bigdecimal:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-io-console:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-minitest:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygem-psych:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:rubygems-devel:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2020-2769.NASL", "href": "https://www.tenable.com/plugins/nessus/137897", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2769. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137897);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-16396\",\n \"CVE-2019-8321\",\n \"CVE-2019-8322\",\n \"CVE-2019-8323\",\n \"CVE-2019-8324\",\n \"CVE-2019-8325\"\n );\n script_bugtraq_id(105955);\n script_xref(name:\"RHSA\", value:\"2020:2769\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2020:2769)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:2769 advisory.\n\n - ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives\n (CVE-2018-16396)\n\n - rubygems: Escape sequence injection vulnerability in verbose (CVE-2019-8321)\n\n - rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)\n\n - rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)\n\n - rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)\n\n - rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-16396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-8325\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1643089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1692522\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8324\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 88);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ruby-2.0.0.648-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.0.0.648-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.0.0.648-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-37.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-4.3.2-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-37.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-0.9.6-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-4.0.0-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.0.14.1-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.0.14.1-37.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T15:00:22", "description": "The remote Mac OS X host has a version of OS X Server installed that is prior to 3.0. It is, therefore, affected by the following vulnerabilities :\n\n - A denial of service vulnerability exists in the included JSON Ruby Gem, which can be abused to exhaust all available memory resources. (CVE-2013-0269)\n\n - Multiple cross-site scripting vulnerabilities exist in the included Ruby on Rails software. (CVE-2013-1854 / CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)\n\n - A buffer overflow exists in the included FreeRADIUS software that can be triggered when parsing the 'not after' timestamp in a client certificate when using TLS-based EAP methods. (CVE-2012-3547)\n\n - A logic issue exists whereby the RADIUS service could choose an incorrect certificate from a list of configured certificates.", "cvss3": {}, "published": "2013-10-24T00:00:00", "type": "nessus", "title": "Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-3547", "CVE-2013-0269", "CVE-2013-1854", "CVE-2013-1855", "CVE-2013-1856", "CVE-2013-1857", "CVE-2013-5143"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/a:apple:mac_os_x_server"], "id": "MACOSX_SERVER_3_0.NASL", "href": "https://www.tenable.com/plugins/nessus/70590", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(70590);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\n \"CVE-2012-3547\",\n \"CVE-2013-0269\",\n \"CVE-2013-1854\",\n \"CVE-2013-1855\",\n \"CVE-2013-1856\",\n \"CVE-2013-1857\",\n \"CVE-2013-5143\"\n );\n script_bugtraq_id(55483, 57899, 58549, 58552, 58554, 58555, 63285);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2013-10-22-5\");\n\n script_name(english:\"Mac OS X : OS X Server < 3.0 Multiple Vulnerabilities\");\n script_summary(english:\"Checks OS X Server version.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote host is missing a security update for OS X Server.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote Mac OS X host has a version of OS X Server installed that\nis prior to 3.0. It is, therefore, affected by the following\nvulnerabilities :\n\n - A denial of service vulnerability exists in the\n included JSON Ruby Gem, which can be abused to exhaust\n all available memory resources. (CVE-2013-0269)\n\n - Multiple cross-site scripting vulnerabilities exist in\n the included Ruby on Rails software. (CVE-2013-1854 /\n CVE-2013-1855 / CVE-2013-1856 / CVE-2013-1857)\n\n - A buffer overflow exists in the included FreeRADIUS\n software that can be triggered when parsing the 'not\n after' timestamp in a client certificate when using\n TLS-based EAP methods. (CVE-2012-3547)\n\n - A logic issue exists whereby the RADIUS service could\n choose an incorrect certificate from a list of\n configured certificates.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT5999\");\n script_set_attribute(attribute:\"see_also\", value:\"http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X Server version 3.0 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/09/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:mac_os_x_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_server_services.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Server/Version\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Server/Version\");\n\nfixed_version = \"3.0\";\nif (\n ereg(pattern:\"Mac OS X 10\\.[0-6]([^0-9]|$)\", string:os) ||\n ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1\n)\n{\n set_kb_item(name:\"www/0/XSS\", value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"OS X Server\", version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:45:36", "description": "Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nRed Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines.\n\nThe latest packages for Subscription Asset Manager include a number of security fixes :\n\nWhen a Subscription Asset Manager instance is created, its configuration script automatically creates an RPM of the internal subscription service CA certificate. However, this RPM incorrectly created the CA certificate with file permissions of 0666. This allowed other users on a client system to modify the CA certificate used to trust the remote subscription server. All administrators are advised to update and deploy the subscription service certificate on all systems which use Subscription Asset Manager as their subscription service. This procedure is described in:\nhttps://access.redhat.com/knowledge/docs/en-US/ Red_Hat_Subscription_Asset_Manager/1.2/html/Installation_Guide/ sect-Installation_Guide-Administration-Upgrading_Subscription_Asset_Ma nager.html (CVE-2012-6116)\n\nManifest signature checking was not implemented for early versions of Subscription Asset Manager. This meant that a malicious user could edit a manifest file, insert arbitrary data, and successfully upload the edited manifest file into the Subscription Asset Manager server.\n(CVE-2012-6119)\n\nRuby's documentation generator had a flaw in the way it generated HTML documentation. When a Ruby application exposed its documentation on a network (such as a web page), an attacker could use a specially- crafted URL to open an arbitrary web script or to execute HTML code within the application's user session. (CVE-2013-0256)\n\nA timing attack flaw was found in the way rubygem-rack and ruby193-rubygem-rack processed HMAC digests in cookies. This flaw could aid an attacker using forged digital signatures to bypass authentication checks. (CVE-2013-0263)\n\nA flaw in rubygem-json allowed remote attacks by creating different types of malicious objects. For example, it could initiate a denial of service (DoS) attack through resource consumption by using a JSON document to create arbitrary Ruby symbols, which were never garbage collected. It could also be exploited to create internal objects which could allow a SQL injection attack. (CVE-2013-0269)\n\nA flaw in ActiveRecord in Ruby on Rails allowed remote attackers to circumvent attribute protections and to insert their own crafted requests to change protected attribute values. (CVE-2013-0276)\n\nHTML markup was not properly escaped when filling in the username field in the Notifications form of the Subscription Asset Manager UI.\nThis meant that HTML code used in the value was then applied in the UI page when the entry was viewed. This could have allowed malicious HTML code to be entered. The field value is now validated and any HTML tags are escaped. (CVE-2013-1823)\n\nThese updated packages also include bug fixes and enhancements :\n\n* Previously, no SELinux policy for the subscription service was included with the Subscription Asset Manager packages. The candlepin-selinux package is now included with SELinux policies for the subscription server. (BZ#906901)\n\n* When attempting to use the subscription service's CA certificate to validate a manifest during import, the comparison failed. The upstream subscription service which generated the manifest is a different service than the local subscription service; thus, they have different CA certificates. This caused importing a manifest to fail with the error 'archive failed signature'. This has been fixed so that the proper certificate is used for verification. (BZ#918778)\n\nAll users of Subscription Asset Manager are recommended to update to the latest packages.", "cvss3": {}, "published": "2013-04-10T00:00:00", "type": "nessus", "title": "RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6116", "CVE-2012-6119", "CVE-2013-0256", "CVE-2013-0263", "CVE-2013-0269", "CVE-2013-0276", "CVE-2013-1823"], "modified": "2014-05-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:candlepin", "p-cpe:/a:redhat:enterprise_linux:candlepin-devel", "p-cpe:/a:redhat:enterprise_linux:candlepin-selinux", "p-cpe:/a:redhat:enterprise_linux:candlepin-tomcat6", "p-cpe:/a:redhat:enterprise_linux:katello-common", "p-cpe:/a:redhat:enterprise_linux:katello-configure", "p-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin", "p-cpe:/a:redhat:enterprise_linux:katello-headpin", "p-cpe:/a:redhat:enterprise_linux:katello-headpin-all", "p-cpe:/a:redhat:enterprise_linux:ruby-nokogiri", "p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack", "p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel", "p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-delayed_job", "p-cpe:/a:redhat:enterprise_linux:rubygem-delayed_job-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-rack", "p-cpe:/a:redhat:enterprise_linux:rubygem-rails_warden", "p-cpe:/a:redhat:enterprise_linux:rubygem-rails_warden-doc", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc-doc", "p-cpe:/a:redhat:enterprise_linux:thumbslug", "p-cpe:/a:redhat:enterprise_linux:thumbslug-selinux", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2013-0686.NASL", "href": "https://www.tenable.com/plugins/nessus/65904", "sourceData": "#%NASL_MIN_LEVEL 999999\n\n# @DEPRECATED@\n#\n# Disabled on 2013/06/06.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0686. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(65904);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/20 0:18:52\");\n\n script_cve_id(\"CVE-2012-6116\", \"CVE-2012-6119\", \"CVE-2013-0256\", \"CVE-2013-0263\", \"CVE-2013-0269\", \"CVE-2013-0276\", \"CVE-2013-1823\");\n script_xref(name:\"RHSA\", value:\"2013:0686\");\n\n script_name(english:\"RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Red Hat Subscription Asset Manager 1.2.1, which fixes several security\nissues, multiple bugs, and adds various enhancements, is now\navailable.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRed Hat Subscription Asset Manager acts as a proxy for handling\nsubscription information and software updates on client machines.\n\nThe latest packages for Subscription Asset Manager include a number of\nsecurity fixes :\n\nWhen a Subscription Asset Manager instance is created, its\nconfiguration script automatically creates an RPM of the internal\nsubscription service CA certificate. However, this RPM incorrectly\ncreated the CA certificate with file permissions of 0666. This allowed\nother users on a client system to modify the CA certificate used to\ntrust the remote subscription server. All administrators are advised\nto update and deploy the subscription service certificate on all\nsystems which use Subscription Asset Manager as their subscription\nservice. This procedure is described in:\nhttps://access.redhat.com/knowledge/docs/en-US/\nRed_Hat_Subscription_Asset_Manager/1.2/html/Installation_Guide/\nsect-Installation_Guide-Administration-Upgrading_Subscription_Asset_Ma\nnager.html (CVE-2012-6116)\n\nManifest signature checking was not implemented for early versions of\nSubscription Asset Manager. This meant that a malicious user could\nedit a manifest file, insert arbitrary data, and successfully upload\nthe edited manifest file into the Subscription Asset Manager server.\n(CVE-2012-6119)\n\nRuby's documentation generator had a flaw in the way it generated HTML\ndocumentation. When a Ruby application exposed its documentation on a\nnetwork (such as a web page), an attacker could use a specially-\ncrafted URL to open an arbitrary web script or to execute HTML code\nwithin the application's user session. (CVE-2013-0256)\n\nA timing attack flaw was found in the way rubygem-rack and\nruby193-rubygem-rack processed HMAC digests in cookies. This flaw\ncould aid an attacker using forged digital signatures to bypass\nauthentication checks. (CVE-2013-0263)\n\nA flaw in rubygem-json allowed remote attacks by creating different\ntypes of malicious objects. For example, it could initiate a denial of\nservice (DoS) attack through resource consumption by using a JSON\ndocument to create arbitrary Ruby symbols, which were never garbage\ncollected. It could also be exploited to create internal objects which\ncould allow a SQL injection attack. (CVE-2013-0269)\n\nA flaw in ActiveRecord in Ruby on Rails allowed remote attackers to\ncircumvent attribute protections and to insert their own crafted\nrequests to change protected attribute values. (CVE-2013-0276)\n\nHTML markup was not properly escaped when filling in the username\nfield in the Notifications form of the Subscription Asset Manager UI.\nThis meant that HTML code used in the value was then applied in the UI\npage when the entry was viewed. This could have allowed malicious HTML\ncode to be entered. The field value is now validated and any HTML tags\nare escaped. (CVE-2013-1823)\n\nThese updated packages also include bug fixes and enhancements :\n\n* Previously, no SELinux policy for the subscription service was\nincluded with the Subscription Asset Manager packages. The\ncandlepin-selinux package is now included with SELinux policies for\nthe subscription server. (BZ#906901)\n\n* When attempting to use the subscription service's CA certificate to\nvalidate a manifest during import, the comparison failed. The upstream\nsubscription service which generated the manifest is a different\nservice than the local subscription service; thus, they have different\nCA certificates. This caused importing a manifest to fail with the\nerror 'archive failed signature'. This has been fixed so that the\nproper certificate is used for verification. (BZ#918778)\n\nAll users of Subscription Asset Manager are recommended to update to\nthe latest packages.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6116.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2012-6119.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0256.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0263.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0269.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-0276.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2013-1823.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2013-0686.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:candlepin-tomcat6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-configure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-glue-candlepin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-headpin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:katello-headpin-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-delayed_job\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-delayed_job-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-nokogiri-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rails_warden\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rails_warden-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thumbslug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:thumbslug-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\n# Deprecated\nexit(0, \"This plugin has been temporarily deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL6\", reference:\"candlepin-0.7.24-1.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"candlepin-devel-0.7.24-1.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"candlepin-selinux-0.7.24-1.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"candlepin-tomcat6-0.7.24-1.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"katello-common-1.2.1.1-1h.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"katello-configure-1.2.3.1-4h.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"katello-glue-candlepin-1.2.1.1-1h.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"katello-headpin-1.2.1.1-1h.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"katello-headpin-all-1.2.1.1-1h.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-nokogiri-1.5.0-0.9.beta4.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-actionpack-3.0.10-12.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-activemodel-3.0.10-3.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-activemodel-doc-3.0.10-3.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-delayed_job-2.1.4-3.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-delayed_job-doc-2.1.4-3.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.3-2.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-json-debuginfo-1.7.3-2.el6_3\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-nokogiri-1.5.0-0.9.beta4.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"rubygem-nokogiri-debuginfo-1.5.0-0.9.beta4.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-nokogiri-doc-1.5.0-0.9.beta4.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-rack-1.3.0-4.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-rails_warden-0.5.5-2.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-rails_warden-doc-0.5.5-2.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-rdoc-3.8-6.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"rubygem-rdoc-doc-3.8-6.el6cf\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"thumbslug-0.0.28.1-1.el6_4\")) flag++;\nif (rpm_check(release:\"RHEL6\", reference:\"thumbslug-selinux-0.0.28.1-1.el6_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:22:52", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.(CVE-2018-16396)** RESERVED\n ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8322)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.\n When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8323)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8324)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8325)An exploitable heap overflow vulnerability exists in the Fiddle::Function.new ''initialize'' function functionality of Ruby. In Fiddle::Function.new ''initialize'' heap buffer ''arg_types'' allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)Type confusion exists in\n _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as ''retval'' argument can cause arbitrary code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2016-2339", "CVE-2018-16395", "CVE-2018-16396", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1617.NASL", "href": "https://www.tenable.com/plugins/nessus/125569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2016-2337\",\n \"CVE-2016-2339\",\n \"CVE-2018-16395\",\n \"CVE-2018-16396\",\n \"CVE-2019-8322\",\n \"CVE-2019-8323\",\n \"CVE-2019-8324\",\n \"CVE-2019-8325\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Ruby is an extensible, interpreted, object-oriented,\n scripting language. It has features to process text\n files and to perform system management tasks.Security\n Fix(es):An issue was discovered in the OpenSSL library\n in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before\n 2.5.2, and 2.6.x before 2.6.0-preview3. When two\n OpenSSL::X509::Name objects are compared using ==,\n depending on the ordering, non-equal objects may return\n true. When the first argument is one character longer\n than the second, or the second argument contains a\n character that is one less than a character in the same\n position of the first argument, the result of == will\n be true. This could be leveraged to create an\n illegitimate certificate that may be accepted as\n legitimate and then used in signing or encryption\n operations.(CVE-2018-16395)An issue was discovered in\n Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before\n 2.5.2, and 2.6.x before 2.6.0-preview3. It does not\n taint strings that result from unpacking tainted\n strings with some formats.(CVE-2018-16396)** RESERVED\n ** This candidate has been reserved by an organization\n or individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2019-8322)** RESERVED ** This candidate\n has been reserved by an organization or individual that\n will use it when announcing a new security problem.\n When the candidate has been publicized, the details for\n this candidate will be provided.(CVE-2019-8323)**\n RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-8324)** RESERVED ** This\n candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2019-8325)An exploitable heap overflow\n vulnerability exists in the Fiddle::Function.new\n ''initialize'' function functionality of Ruby. In\n Fiddle::Function.new ''initialize'' heap buffer\n ''arg_types'' allocation is made based on args array\n length. Specially constructed object passed as element\n of args array can increase this array size after\n mentioned allocation and cause heap\n overflow.(CVE-2016-2339)Type confusion exists in\n _cancel_eval Ruby's TclTkIp class method. Attacker\n passing different type of object than String as\n ''retval'' argument can cause arbitrary code\n execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1617\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5681a400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h13\",\n \"ruby-irb-2.0.0.648-33.h13\",\n \"ruby-libs-2.0.0.648-33.h13\",\n \"rubygem-bigdecimal-1.2.0-33.h13\",\n \"rubygem-io-console-0.4.2-33.h13\",\n \"rubygem-json-1.7.7-33.h13\",\n \"rubygem-psych-2.0.0-33.h13\",\n \"rubygem-rdoc-4.0.0-33.h13\",\n \"rubygems-2.0.14.1-33.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-03-05T17:05:26", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2587 advisory.\n\n - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)\n\n - ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)\n\n - ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\n - ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\n - ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)\n\n - ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n - ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "CentOS 8 : ruby:2.5 (CESA-2021:2587)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2021-06-29T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:rubygem-abrt", "p-cpe:/a:centos:centos:rubygem-abrt-doc", "p-cpe:/a:centos:centos:rubygem-bson", "p-cpe:/a:centos:centos:rubygem-bson-doc", "p-cpe:/a:centos:centos:rubygem-bundler", "p-cpe:/a:centos:centos:rubygem-bundler-doc", "p-cpe:/a:centos:centos:rubygem-mongo", "p-cpe:/a:centos:centos:rubygem-mongo-doc", "p-cpe:/a:centos:centos:rubygem-mysql2", "p-cpe:/a:centos:centos:rubygem-mysql2-doc", "p-cpe:/a:centos:centos:rubygem-pg", "p-cpe:/a:centos:centos:rubygem-pg-doc"], "id": "CENTOS8_RHSA-2021-2587.NASL", "href": "https://www.tenable.com/plugins/nessus/151147", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:2587. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151147);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n \"CVE-2020-10663\",\n \"CVE-2020-10933\",\n \"CVE-2020-25613\",\n \"CVE-2021-28965\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2587\");\n\n script_name(english:\"CentOS 8 : ruby:2.5 (CESA-2021:2587)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:2587 advisory.\n\n - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)\n\n - ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication\n (CVE-2019-16201)\n\n - ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\n - ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\n - ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)\n\n - ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n - ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2587\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16255\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-abrt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-abrt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bson\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bson-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bundler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bundler-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-mongo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-mongo-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-mysql2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-mysql2-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-pg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-pg-doc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'rubygem-abrt-0.3.0-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-0.3.0-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-abrt-doc-0.3.0-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.3.0-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-4.3.0-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-doc-4.3.0-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bson-doc-4.3.0-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-1.16.1-3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-1.16.1-3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bundler-doc-1.16.1-3.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.5.1-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-2.5.1-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mongo-doc-2.5.1-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.4.10-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-0.4.10-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-mysql2-doc-0.4.10-4.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.0.0-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-1.0.0-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-doc-1.0.0-2.module_el8.1.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-pg-doc-1.0.0-2.module_el8.1.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rubygem-abrt / rubygem-abrt-doc / rubygem-bson / rubygem-bson-doc / etc');\n}\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-03-05T17:06:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2587 advisory.\n\n - ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)\n\n - ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)\n\n - ruby: HTTP response splitting in WEBrick (CVE-2019-16254)\n\n - ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)\n\n - rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)\n\n - ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)\n\n - ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)\n\n - ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-06-29T00:00:00", "type": "nessus", "title": "RHEL 8 : ruby:2.5 (RHSA-2021:2587)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2020-10663", "CVE-2020-10933", "CVE-2020-25613", "CVE-2021-28965"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.4", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:ruby",
Medium: ruby20
