ID CVE-2008-2662 Type cve Reporter cve@mitre.org Modified 2018-11-01T15:02:00
Description
Multiple integer overflows in the rb_str_buf_append function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allow context-dependent attackers to execute arbitrary code or cause a denial of service via unknown vectors that trigger memory corruption, a different issue than CVE-2008-2663, CVE-2008-2664, and CVE-2008-2725. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. This CVE description should be regarded as authoritative, although it is likely to change.
{"securityvulns": [{"lastseen": "2018-08-31T11:09:30", "bulletinFamily": "software", "description": "No description provided", "modified": "2008-07-03T00:00:00", "published": "2008-07-03T00:00:00", "id": "SECURITYVULNS:VULN:9117", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9117", "title": "Ruby multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:26", "bulletinFamily": "software", "description": "rPath Security Advisory: 2008-0206-1\r\nPublished: 2008-06-26\r\nProducts:\r\n rPath Appliance Platform Linux Service 1\r\n rPath Appliance Platform Linux Service 2\r\n rPath Linux 1\r\n rPath Linux 2\r\n\r\nRating: Severe\r\nExposure Level Classification:\r\n Remote User Deterministic Privilege Escalation\r\nUpdated Versions:\r\n ruby=conary.rpath.com@rpl:1/1.8.6_p230-0.3-1\r\n ruby=conary.rpath.com@rpl:2/1.8.6_p230-2-0.1\r\n\r\nrPath Issue Tracking System:\r\n https://issues.rpath.com/browse/RPL-2626\r\n\r\nReferences:\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664\r\n http://preview.ruby-lang.org/en/news/2008/06/20/arbitrary-code-execution-vulnerabilities\r\n\r\nDescription:\r\n Previous versions of the ruby package contain multiple vulnerabilities,\r\n the most serious of which allow users to execute arbitrary code with\r\n elevated privileges.\r\n\r\nhttp://wiki.rpath.com/Advisories:rPSA-2008-0206\r\n\r\nCopyright 2008 rPath, Inc.\r\nThis file is distributed under the terms of the MIT License.\r\nA copy is available at http://www.rpath.com/permanent/mit-license.html", "modified": "2008-06-27T00:00:00", "published": "2008-06-27T00:00:00", "id": "SECURITYVULNS:DOC:20092", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20092", "title": "rPSA-2008-0206-1 ruby", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:37:36", "bulletinFamily": "exploit", "description": "BUGTRAQ ID: 29903\r\nCVE(CAN) ID: CVE-2008-2662,CVE-2008-2663,CVE-2008-2725,CVE-2008-2726,CVE-2008-2664\r\n\r\nRuby\u662f\u4e00\u79cd\u529f\u80fd\u5f3a\u5927\u7684\u9762\u5411\u5bf9\u8c61\u7684\u811a\u672c\u8bed\u8a00\u3002\r\n\r\nRuby\u7684array.c\u6587\u4ef6\u4e2d\u7684ary_new()\u3001rb_ary_initialize()\u3001rb_ary_store()\u3001rb_ary_times()\u548crb_ary_splice()\u51fd\u6570\u4e2d\u5b58\u5728\u591a\u4e2a\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u5411\u8fd9\u4e9b\u51fd\u6570\u63d0\u4ea4\u4e86\u8d85\u957f\u53c2\u6570\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nRuby\u7684rb_str_buf_append()\u51fd\u6570\u6ca1\u6709\u6b63\u786e\u7684\u8c03\u7528alloca()\uff0c\u5982\u679c\u8fdc\u7a0b\u653b\u51fb\u8005\u63d0\u4ea4\u4e86\u6076\u610f\u53c2\u6570\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u6574\u6570\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nYukihiro Matsumoto Ruby 1.9.x\r\nYukihiro Matsumoto Ruby 1.8.x\n Yukihiro Matsumoto\r\n------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz target=_blank>ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p231.tar.gz</a>\r\n<a href=ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz target=_blank>ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6-p230.tar.gz</a>\r\n<a href=ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz target=_blank>ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p22.tar.gz</a>\r\n<a href=ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-2.tar.gz target=_blank>ftp://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.0-2.tar.gz</a>", "modified": "2008-06-28T00:00:00", "published": "2008-06-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3488", "id": "SSV:3488", "type": "seebug", "title": "Ruby\u591a\u4e2a\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:00", "bulletinFamily": "unix", "description": "Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nDrew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption. (CVE-2008-2664)", "modified": "2008-06-26T00:00:00", "published": "2008-06-26T00:00:00", "id": "USN-621-1", "href": "https://usn.ubuntu.com/621-1/", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-12-04T11:29:38", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-621-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840243", "id": "OPENVAS:840243", "title": "Ubuntu Update for ruby1.8 vulnerabilities USN-621-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_621_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ruby1.8 vulnerabilities USN-621-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Drew Yao discovered several vulnerabilities in Ruby which lead to integer\n overflows. If a user or automated system were tricked into running a\n malicious script, an attacker could cause a denial of service or execute\n arbitrary code with the privileges of the user invoking the program.\n (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\n Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA.\n If a user or automated system were tricked into running a malicious script,\n an attacker could cause a denial of service via memory corruption.\n (CVE-2008-2664)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-621-1\";\ntag_affected = \"ruby1.8 vulnerabilities on Ubuntu 6.06 LTS ,\n Ubuntu 7.04 ,\n Ubuntu 7.10 ,\n Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-621-1/\");\n script_id(840243);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"621-1\");\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_name( \"Ubuntu Update for ruby1.8 vulnerabilities USN-621-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.4-1ubuntu1.5\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.5-4ubuntu2.2\", rls:\"UBUNTU7.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.6.111-2ubuntu1.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU7.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.6.36-1ubuntu3.2\", rls:\"UBUNTU7.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-179-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231061462", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231061462", "title": "Slackware Advisory SSA:2008-179-01 ruby", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_179_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.61462\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2008-179-01 ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(11\\.0|12\\.0|12\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-179-01\");\n\n script_tag(name:\"insight\", value:\"New ruby packages are available for Slackware 11.0, 12.0, 12.1, and -current to\nfix security issues.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2008-179-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:51:06", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2008-179-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=61462", "id": "OPENVAS:61462", "title": "Slackware Advisory SSA:2008-179-01 ruby", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2008_179_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New ruby packages are available for Slackware 11.0, 12.0, 12.1, and -current to\nfix security issues.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2008-179-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2008-179-01\";\n \nif(description)\n{\n script_id(61462);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6598 $\");\n name = \"Slackware Advisory SSA:2008-179-01 ruby \";\n script_name(name);\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"ruby\", ver:\"1.8.6_p230-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-09T11:41:12", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870154", "id": "OPENVAS:1361412562310870154", "title": "RedHat Update for ruby RHSA-2008:0561-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0561-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n Multiple integer overflows leading to a heap overflow were discovered in\n the array- and string-handling code used by Ruby. An attacker could use\n these flaws to crash a Ruby application or, possibly, execute arbitrary\n code with the privileges of the Ruby application using untrusted inputs in\n array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,\n CVE-2008-2725, CVE-2008-2726)\n \n It was discovered that Ruby used the alloca() memory allocation function in\n the format (%) method of the String class without properly restricting\n maximum string length. An attacker could use this flaw to crash a Ruby\n application or, possibly, execute arbitrary code with the privileges of the\n Ruby application using long, untrusted strings as format strings.\n (CVE-2008-2664)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting these issues.\n \n Users of Ruby should upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00011.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870154\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0561-01\");\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\", \"CVE-2008-2376\");\n script_name( \"RedHat Update for ruby RHSA-2008:0561-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-27T10:56:38", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870154", "id": "OPENVAS:870154", "title": "RedHat Update for ruby RHSA-2008:0561-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2008:0561-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an interpreted scripting language for quick and easy\n object-oriented programming.\n\n Multiple integer overflows leading to a heap overflow were discovered in\n the array- and string-handling code used by Ruby. An attacker could use\n these flaws to crash a Ruby application or, possibly, execute arbitrary\n code with the privileges of the Ruby application using untrusted inputs in\n array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,\n CVE-2008-2725, CVE-2008-2726)\n \n It was discovered that Ruby used the alloca() memory allocation function in\n the format (%) method of the String class without properly restricting\n maximum string length. An attacker could use this flaw to crash a Ruby\n application or, possibly, execute arbitrary code with the privileges of the\n Ruby application using long, untrusted strings as format strings.\n (CVE-2008-2664)\n \n Red Hat would like to thank Drew Yao of the Apple Product Security team for\n reporting these issues.\n \n Users of Ruby should upgrade to these updated packages, which contain a\n backported patch to resolve these issues.\";\n\ntag_affected = \"ruby on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4,\n Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-July/msg00011.html\");\n script_id(870154);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"RHSA\", value: \"2008:0561-01\");\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\", \"CVE-2008-2376\");\n script_name( \"RedHat Update for ruby RHSA-2008:0561-01\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~5.el5_2.3\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"irb\", rpm:\"irb~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.1~7.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:32", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2008-0561", "modified": "2018-09-28T00:00:00", "published": "2015-10-08T00:00:00", "id": "OPENVAS:1361412562310122569", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122569", "title": "Oracle Linux Local Check: ELSA-2008-0561", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2008-0561.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122569\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-08 14:48:17 +0300 (Thu, 08 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2008-0561\");\n script_tag(name:\"insight\", value:\"ELSA-2008-0561 - ruby security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2008-0561\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2008-0561.html\");\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~5.el5_2.3\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:57:12", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860282", "id": "OPENVAS:860282", "title": "Fedora Update for ruby FEDORA-2008-5649", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby FEDORA-2008-5649\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby on Fedora 8\";\ntag_insight = \"Ruby is the interpreted scripting language for quick and easy\n object-oriented programming. It has many features to process text\n files and to do system management tasks (as in Perl). It is simple,\n straight-forward, and extensible.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00925.html\");\n script_id(860282);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 16:50:22 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-5649\");\n script_cve_id(\"CVE-2008-1891\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\", \"CVE-2007-5162\", \"CVE-2008-1145\");\n script_name( \"Fedora Update for ruby FEDORA-2008-5649\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.230~1.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:56:17", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830508", "id": "OPENVAS:830508", "title": "Mandriva Update for ruby MDVSA-2008:140 (ruby)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for ruby MDVSA-2008:140 (ruby)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in the Ruby interpreter and\n in Webrick, the webserver bundled with Ruby.\n\n Directory traversal vulnerability in WEBrick in Ruby 1.9.0\n and earlier, when using NTFS or FAT filesystems, allows remote\n attackers to read arbitrary CGI files via a trailing (1) + (plus),\n (2) %2b (encoded plus), (3) . (dot), (4) %2e (encoded dot), or\n (5) %20 (encoded space) character in the URI, possibly related to\n the WEBrick::HTTPServlet::FileHandler and WEBrick::HTTPServer.new\n functionality and the :DocumentRoot option. (CVE-2008-1891)\n \n Multiple integer overflows in the rb_str_buf_append function in\n Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before\n 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2\n allow context-dependent attackers to execute arbitrary code or\n cause a denial of service via unknown vectors that trigger memory\n corruption. (CVE-2008-2662)\n \n Multiple integer overflows in the rb_ary_store function in Ruby\n 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,\n and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to\n execute arbitrary code or cause a denial of service via unknown\n vectors. (CVE-2008-2663)\n \n The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before\n 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0\n before 1.9.0-2 allows context-dependent attackers to trigger memory\n corruption via unspecified vectors related to alloca. (CVE-2008-2664)\n \n Integer overflow in the rb_ary_splice function in Ruby 1.8.4\n and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,\n and 1.8.7 before 1.8.7-p22 allows context-dependent attackers to\n trigger memory corruption via unspecified vectors, aka the REALLOC_N\n variant. (CVE-2008-2725)\n \n Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and\n earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before\n 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers\n to trigger memory corruption, aka the beg + rlen issue. (CVE-2008-2726)\n \n Integer overflow in the rb_ary_fill function in array.c in Ruby before\n revision 17756 allows context-dependent attackers to cause a denial\n of service (crash) or possibly have unspecified other impact via a\n call to the Array#fill method with a start (aka beg) argument greater\n than ARY_MAX_SIZE. (CVE-2008-2376)\n \n The updated packages have been patched to fix these issues.\";\n\ntag_affected = \"ruby on Mandriva Linux 2008.1,\n Mandriva Linux 2008.1/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-07/msg00019.php\");\n script_id(830508);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:26:37 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"MDVSA\", value: \"2008:140\");\n script_cve_id(\"CVE-2008-1891\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\", \"CVE-2008-2376\");\n script_name( \"Mandriva Update for ruby MDVSA-2008:140 (ruby)\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6~9p114.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.6~9p114.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~1.8.6~9p114.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tk\", rpm:\"ruby-tk~1.8.6~9p114.1mdv2008.1\", rls:\"MNDK_2008.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:53", "bulletinFamily": "scanner", "description": "Check for the Version of ruby", "modified": "2017-07-10T00:00:00", "published": "2009-02-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860177", "id": "OPENVAS:860177", "title": "Fedora Update for ruby FEDORA-2008-6033", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby FEDORA-2008-6033\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"ruby on Fedora 9\";\ntag_insight = \"Ruby is the interpreted scripting language for quick and easy\n object-oriented programming. It has many features to process text\n files and to do system management tasks (as in Perl). It is simple,\n straight-forward, and extensible.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00112.html\");\n script_id(860177);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-17 17:01:32 +0100 (Tue, 17 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2008-6033\");\n script_cve_id(\"CVE-2008-1891\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\", \"CVE-2007-5162\", \"CVE-2008-2376\");\n script_name( \"Fedora Update for ruby FEDORA-2008-6033\");\n\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC9\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.6.230~4.fc9\", rls:\"FC9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:30", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ruby\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5033480 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-10-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065417", "id": "OPENVAS:136141256231065417", "title": "SLES9: Security update for Ruby", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5033480.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for Ruby\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n ruby\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5033480 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.65417\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-10 16:11:46 +0200 (Sat, 10 Oct 2009)\");\n script_cve_id(\"CVE-2008-2726\", \"CVE-2008-2725\", \"CVE-2008-1145\", \"CVE-2008-1891\", \"CVE-2008-2664\", \"CVE-2008-2663\", \"CVE-2008-2662\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SLES9: Security update for Ruby\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.1~42.24\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:11:02", "bulletinFamily": "scanner", "description": "Drew Yao discovered several vulnerabilities in Ruby which lead to integer overflows. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service or execute arbitrary code with the privileges of the user invoking the program. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nDrew Yao discovered that Ruby did not sanitize its input when using ALLOCA. If a user or automated system were tricked into running a malicious script, an attacker could cause a denial of service via memory corruption. (CVE-2008-2664).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "UBUNTU_USN-621-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33390", "published": "2008-07-02T00:00:00", "title": "Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-621-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-621-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33390);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903);\n script_xref(name:\"USN\", value:\"621-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : ruby1.8 vulnerabilities (USN-621-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Drew Yao discovered several vulnerabilities in Ruby which lead to\ninteger overflows. If a user or automated system were tricked into\nrunning a malicious script, an attacker could cause a denial of\nservice or execute arbitrary code with the privileges of the user\ninvoking the program. (CVE-2008-2662, CVE-2008-2663, CVE-2008-2725,\nCVE-2008-2726)\n\nDrew Yao discovered that Ruby did not sanitize its input when using\nALLOCA. If a user or automated system were tricked into running a\nmalicious script, an attacker could cause a denial of service via\nmemory corruption. (CVE-2008-2664).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/621-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:7.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2008-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|7\\.04|7\\.10|8\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 7.04 / 7.10 / 8.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"irb1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"rdoc1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ri1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.4-1ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"irb1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ri1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ruby1.8\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.5-4ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"irb1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"rdoc1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ri1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ruby1.8\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"7.10\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.6.36-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"irb1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ri1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.6.111-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb1.8 / libdbm-ruby1.8 / libgdbm-ruby1.8 / libopenssl-ruby1.8 / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:01:14", "bulletinFamily": "scanner", "description": "New ruby packages are available for Slackware 11.0, 12.0, 12.1, and\n-current to fix security issues.", "modified": "2018-06-27T00:00:00", "published": "2008-07-02T00:00:00", "id": "SLACKWARE_SSA_2008-179-01.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33287", "title": "Slackware 11.0 / 12.0 / 12.1 / current : ruby (SSA:2008-179-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2008-179-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33287);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903);\n script_xref(name:\"SSA\", value:\"2008-179-01\");\n\n script_name(english:\"Slackware 11.0 / 12.0 / 12.1 / current : ruby (SSA:2008-179-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 11.0, 12.0, 12.1, and\n-current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12fdb4f2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"11.0\", pkgname:\"ruby\", pkgver:\"1.8.6_p230\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"ruby\", pkgver:\"1.8.6_p230\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"ruby\", pkgver:\"1.8.6_p230\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"1.8.6_p230\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:01", "bulletinFamily": "scanner", "description": "- Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1\n\n - New upstream release.\n\n - Security fixes. (#452294).\n\n - CVE-2008-1891: WEBrick CGI source disclosure.\n\n - CVE-2008-2662: Integer overflow in rb_str_buf_append().\n\n - CVE-2008-2663: Integer overflow in rb_ary_store().\n\n - CVE-2008-2664: Unsafe use of alloca in rb_str_format().\n\n - CVE-2008-2725: Integer overflow in rb_ary_splice().\n\n - CVE-2008-2726: Integer overflow in rb_ary_splice().\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: removed.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2008-5664.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33261", "published": "2008-06-26T00:00:00", "title": "Fedora 9 : ruby-1.8.6.230-1.fc9 (2008-5664)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5664.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33261);\n script_version (\"$Revision: 1.15 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:53 $\");\n\n script_cve_id(\"CVE-2008-1891\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903);\n script_xref(name:\"FEDORA\", value:\"2008-5664\");\n\n script_name(english:\"Fedora 9 : ruby-1.8.6.230-1.fc9 (2008-5664)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.230-1\n\n - New upstream release.\n\n - Security fixes. (#452294).\n\n - CVE-2008-1891: WEBrick CGI source disclosure.\n\n - CVE-2008-2662: Integer overflow in\n rb_str_buf_append().\n\n - CVE-2008-2663: Integer overflow in rb_ary_store().\n\n - CVE-2008-2664: Unsafe use of alloca in\n rb_str_format().\n\n - CVE-2008-2725: Integer overflow in rb_ary_splice().\n\n - CVE-2008-2726: Integer overflow in rb_ary_splice().\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: removed.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=443829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451828\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-July/012896.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25529376\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011680.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d96a106c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"ruby-1.8.6.230-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:04", "bulletinFamily": "scanner", "description": "Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy object-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain a backported patch to resolve these issues.", "modified": "2018-11-27T00:00:00", "id": "REDHAT-RHSA-2008-0561.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33495", "published": "2008-07-15T00:00:00", "title": "RHEL 4 / 5 : ruby (RHSA-2008:0561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0561. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33495);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2018/11/27 13:31:32\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903, 30036);\n script_xref(name:\"RHSA\", value:\"2008:0561\");\n\n script_name(english:\"RHEL 4 / 5 : ruby (RHSA-2008:0561)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered\nin the array- and string-handling code used by Ruby. An attacker could\nuse these flaws to crash a Ruby application or, possibly, execute\narbitrary code with the privileges of the Ruby application using\nuntrusted inputs in array or string operations. (CVE-2008-2376,\nCVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation\nfunction in the format (%) method of the String class without properly\nrestricting maximum string length. An attacker could use this flaw to\ncrash a Ruby application or, possibly, execute arbitrary code with the\nprivileges of the Ruby application using long, untrusted strings as\nformat strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain\na backported patch to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0561\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0561\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"irb-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-devel-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-docs-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-libs-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-mode-1.8.1-7.el4_6.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-tcltk-1.8.1-7.el4_6.1\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-devel-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-libs-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / etc\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:05", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2662 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2663 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2664 Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2725 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2726 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2376 It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1612.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33551", "published": "2008-07-23T00:00:00", "title": "Debian DSA-1612-1 : ruby1.8 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1612. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33551);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_xref(name:\"DSA\", value:\"1612\");\n\n script_name(english:\"Debian DSA-1612-1 : ruby1.8 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2008-2662\n Drew Yao discovered that multiple integer overflows in\n the string processing code may lead to denial of service\n and potentially the execution of arbitrary code.\n\n - CVE-2008-2663\n Drew Yao discovered that multiple integer overflows in\n the string processing code may lead to denial of service\n and potentially the execution of arbitrary code.\n\n - CVE-2008-2664\n Drew Yao discovered that a programming error in the\n string processing code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2725\n Drew Yao discovered that an integer overflow in the\n array handling code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2726\n Drew Yao discovered that an integer overflow in the\n array handling code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2376\n It was discovered that an integer overflow in the array\n handling code may lead to denial of service and\n potentially the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1612\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby1.8 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"irb1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.8-dbg\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-dev\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-elisp\", reference:\"1.8.5-4etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.8-examples\", reference:\"1.8.5-4etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:17:06", "bulletinFamily": "scanner", "description": "Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)", "modified": "2019-01-07T00:00:00", "id": "SL_20080714_RUBY_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=60442", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60442);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/01/07 9:52:18\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple integer overflows leading to a heap overflow were discovered\nin the array- and string-handling code used by Ruby. An attacker could\nuse these flaws to crash a Ruby application or, possibly, execute\narbitrary code with the privileges of the Ruby application using\nuntrusted inputs in array or string operations. (CVE-2008-2376,\nCVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation\nfunction in the format (%) method of the String class without properly\nrestricting maximum string length. An attacker could use this flaw to\ncrash a Ruby application or, possibly, execute arbitrary code with the\nprivileges of the Ruby application using long, untrusted strings as\nformat strings. (CVE-2008-2664)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&P=803\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?22f191af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"irb-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-devel-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-docs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-libs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-mode-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"ruby-tcltk-1.8.1-7.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-devel-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-libs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:01", "bulletinFamily": "scanner", "description": "- Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.230-1\n\n - New upstream release.\n\n - Security fixes. (#452293)\n\n - CVE-2008-1891: WEBrick CGI source disclosure.\n\n - CVE-2008-2662: Integer overflow in rb_str_buf_append().\n\n - CVE-2008-2663: Integer overflow in rb_ary_store().\n\n - CVE-2008-2664: Unsafe use of alloca in rb_str_format().\n\n - CVE-2008-2725: Integer overflow in rb_ary_splice().\n\n - CVE-2008-2726: Integer overflow in rb_ary_splice().\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: removed.\n\n - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.114-1\n\n - Security fix for CVE-2008-1145.\n\n - Improve a spec file. (#226381)\n\n - Correct License tag.\n\n - Fix a timestamp issue.\n\n - Own a arch-specific directory.\n\n - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.8.6.111-9\n\n - Autorebuild for GCC 4.3\n\n - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-8\n\n - Rebuild for gcc-4.3.\n\n - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-7\n\n - Revert the change of libruby-static.a. (#428384)\n\n - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-6\n\n - Fix an unnecessary replacement for shebang. (#426835)\n\n - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-5\n\n - Rebuild.\n\n - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-4\n\n - Clean up again.\n\n - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-3\n\n - Clean up the spec file.\n\n - Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. this could be replaced by ri.\n\n - Disable the static library building.\n\n - Tue Dec 4 2007 Release Engineering <rel-eng at fedoraproject dot org> - 1.8.6.111-2\n\n - Rebuild for openssl bump\n\n - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com>\n\n - Fix the dead link.\n\n - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> - 1.8.6.111-1\n\n - New upstream release.\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users' scripts. Note that Net::HTTP#enable_post_connection_check isn't available anymore. If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE to Net::HTTP#verify_mode= instead of.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-12-08T00:00:00", "id": "FEDORA_2008-5649.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33260", "published": "2008-06-26T00:00:00", "title": "Fedora 8 : ruby-1.8.6.230-1.fc8 (2008-5649)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-5649.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33260);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:53 $\");\n\n script_cve_id(\"CVE-2008-1891\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903);\n script_xref(name:\"FEDORA\", value:\"2008-5649\");\n\n script_name(english:\"Fedora 8 : ruby-1.8.6.230-1.fc8 (2008-5649)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Jun 24 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.230-1\n\n - New upstream release.\n\n - Security fixes. (#452293)\n\n - CVE-2008-1891: WEBrick CGI source disclosure.\n\n - CVE-2008-2662: Integer overflow in\n rb_str_buf_append().\n\n - CVE-2008-2663: Integer overflow in rb_ary_store().\n\n - CVE-2008-2664: Unsafe use of alloca in\n rb_str_format().\n\n - CVE-2008-2725: Integer overflow in rb_ary_splice().\n\n - CVE-2008-2726: Integer overflow in rb_ary_splice().\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: removed.\n\n - Tue Mar 4 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.114-1\n\n - Security fix for CVE-2008-1145.\n\n - Improve a spec file. (#226381)\n\n - Correct License tag.\n\n - Fix a timestamp issue.\n\n - Own a arch-specific directory.\n\n - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at\n fedoraproject.org> - 1.8.6.111-9\n\n - Autorebuild for GCC 4.3\n\n - Tue Feb 19 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-8\n\n - Rebuild for gcc-4.3.\n\n - Tue Jan 15 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-7\n\n - Revert the change of libruby-static.a. (#428384)\n\n - Fri Jan 11 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-6\n\n - Fix an unnecessary replacement for shebang. (#426835)\n\n - Fri Jan 4 2008 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-5\n\n - Rebuild.\n\n - Fri Dec 28 2007 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-4\n\n - Clean up again.\n\n - Fri Dec 21 2007 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-3\n\n - Clean up the spec file.\n\n - Remove ruby-man-1.4.6 stuff. this is entirely the\n out-dated document. this could be replaced by ri.\n\n - Disable the static library building.\n\n - Tue Dec 4 2007 Release Engineering <rel-eng at\n fedoraproject dot org> - 1.8.6.111-2\n\n - Rebuild for openssl bump\n\n - Wed Oct 31 2007 Akira TAGOH <tagoh at redhat.com>\n\n - Fix the dead link.\n\n - Mon Oct 29 2007 Akira TAGOH <tagoh at redhat.com> -\n 1.8.6.111-1\n\n - New upstream release.\n\n - ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with\n backporting the changes at trunk to enable the fix\n without any modifications on the users' scripts. Note\n that Net::HTTP#enable_post_connection_check isn't\n available anymore. If you want to disable this\n post-check, you should give OpenSSL::SSL::VERIFY_NONE\n to Net::HTTP#verify_mode= instead of.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=443829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=450834\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=451828\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-June/011668.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fad4693f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(22, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"ruby-1.8.6.230-1.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:11:06", "bulletinFamily": "scanner", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2008-2662 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2663 Drew Yao discovered that multiple integer overflows in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2664 Drew Yao discovered that a programming error in the string processing code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2725 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2726 Drew Yao discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.\n\n - CVE-2008-2376 It was discovered that an integer overflow in the array handling code may lead to denial of service and potentially the execution of arbitrary code.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-1618.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=33738", "published": "2008-07-28T00:00:00", "title": "Debian DSA-1618-1 : ruby1.9 - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1618. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33738);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:33\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_xref(name:\"DSA\", value:\"1618\");\n\n script_name(english:\"Debian DSA-1618-1 : ruby1.9 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2008-2662\n Drew Yao discovered that multiple integer overflows in\n the string processing code may lead to denial of service\n and potentially the execution of arbitrary code.\n\n - CVE-2008-2663\n Drew Yao discovered that multiple integer overflows in\n the string processing code may lead to denial of service\n and potentially the execution of arbitrary code.\n\n - CVE-2008-2664\n Drew Yao discovered that a programming error in the\n string processing code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2725\n Drew Yao discovered that an integer overflow in the\n array handling code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2726\n Drew Yao discovered that an integer overflow in the\n array handling code may lead to denial of service and\n potentially the execution of arbitrary code.\n\n - CVE-2008-2376\n It was discovered that an integer overflow in the array\n handling code may lead to denial of service and\n potentially the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2725\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-2376\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1618\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby1.9 packages.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.9.0+20060609-1etch2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"irb1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libgdbm-ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libopenssl-ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libreadline-ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libruby1.9-dbg\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"libtcltk-ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"rdoc1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ri1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-dev\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-elisp\", reference:\"1.9.0+20060609-1etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"ruby1.9-examples\", reference:\"1.9.0+20060609-1etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:12:53", "bulletinFamily": "scanner", "description": "Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy object-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain a backported patch to resolve these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2008-0561.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=43694", "published": "2010-01-06T00:00:00", "title": "CentOS 4 / 5 : ruby (CESA-2008:0561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0561 and \n# CentOS Errata and Security Advisory 2008:0561 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43694);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903, 30036);\n script_xref(name:\"RHSA\", value:\"2008:0561\");\n\n script_name(english:\"CentOS 4 / 5 : ruby (CESA-2008:0561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered\nin the array- and string-handling code used by Ruby. An attacker could\nuse these flaws to crash a Ruby application or, possibly, execute\narbitrary code with the privileges of the Ruby application using\nuntrusted inputs in array or string operations. (CVE-2008-2376,\nCVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation\nfunction in the format (%) method of the String class without properly\nrestricting maximum string length. An attacker could use this flaw to\ncrash a Ruby application or, possibly, execute arbitrary code with the\nprivileges of the Ruby application using long, untrusted strings as\nformat strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain\na backported patch to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015111.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21d2cfe8\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015115.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?afd701a7\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56a92005\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2008-July/015121.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e7cd80a0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"irb-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"irb-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-devel-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-devel-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-docs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-docs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-libs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-libs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-mode-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-mode-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-tcltk-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.8.1-7.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-devel-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-libs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-02-21T01:19:17", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0561 :\n\nUpdated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy object-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in the format (%) method of the String class without properly restricting maximum string length. An attacker could use this flaw to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using long, untrusted strings as format strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain a backported patch to resolve these issues.", "modified": "2018-07-18T00:00:00", "id": "ORACLELINUX_ELSA-2008-0561.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67716", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 / 5 : ruby (ELSA-2008-0561)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0561 and \n# Oracle Linux Security Advisory ELSA-2008-0561 respectively.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67716);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2018/07/18 17:43:56\");\n\n script_cve_id(\"CVE-2008-2376\", \"CVE-2008-2662\", \"CVE-2008-2663\", \"CVE-2008-2664\", \"CVE-2008-2725\", \"CVE-2008-2726\");\n script_bugtraq_id(29903, 30036);\n script_xref(name:\"RHSA\", value:\"2008:0561\");\n\n script_name(english:\"Oracle Linux 4 / 5 : ruby (ELSA-2008-0561)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0561 :\n\nUpdated ruby packages that fix several security issues are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered\nin the array- and string-handling code used by Ruby. An attacker could\nuse these flaws to crash a Ruby application or, possibly, execute\narbitrary code with the privileges of the Ruby application using\nuntrusted inputs in array or string operations. (CVE-2008-2376,\nCVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation\nfunction in the format (%) method of the String class without properly\nrestricting maximum string length. An attacker could use this flaw to\ncrash a Ruby application or, possibly, execute arbitrary code with the\nprivileges of the Ruby application using long, untrusted strings as\nformat strings. (CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security\nteam for reporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain\na backported patch to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000675.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-July/000676.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4 / 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", reference:\"irb-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-devel-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-docs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-libs-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-mode-1.8.1-7.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", reference:\"ruby-tcltk-1.8.1-7.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"EL5\", reference:\"ruby-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-devel-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-docs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-irb-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-libs-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-mode-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-rdoc-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-ri-1.8.5-5.el5_2.3\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-tcltk-1.8.5-5.el5_2.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / etc\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2019-05-30T07:37:06", "bulletinFamily": "unix", "description": "New ruby packages are available for Slackware 11.0, 12.0, 12.1, and -current to\nfix security issues.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726\n\n\nHere are the details from the Slackware 12.1 ChangeLog:\n\npatches/packages/ruby-1.8.6_p230-i486-1_slack12.1.tgz:\n Upgraded to ruby-1.8.6-p230.\n This fixes a number of security related bugs in Ruby which could lead to a\n denial of service (DoS) condition or allow execution of arbitrary code.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2662\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2663\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2664\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2725\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2726\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/ruby-1.8.6_p230-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/ruby-1.8.6_p230-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/ruby-1.8.6_p230-i486-1_slack12.1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.8.6_p230-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 11.0 package:\n70829776ab7cbb30fbfa3429b4546d16 ruby-1.8.6_p230-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\n29432869dd2618b3bc1104a4a85a00d2 ruby-1.8.6_p230-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\ncbf731bb6eac93bed69445ca98daffb8 ruby-1.8.6_p230-i486-1_slack12.1.tgz\n\nSlackware -current package:\n3220b90e012fe21c2e70f45d0cac265a ruby-1.8.6_p230-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ruby-1.8.6_p230-i486-1_slack12.1.tgz\n\nRestart any services linked dynamically to Ruby.", "modified": "2008-06-27T22:00:21", "published": "2008-06-27T22:00:21", "id": "SSA-2008-179-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.429562", "title": "ruby", "type": "slackware", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:44", "bulletinFamily": "unix", "description": "[1.8.5-5.el5_2.3]\n- CVE-2008-2376: Integer overflow in rb_ary_fill().\n[1.8.5-5.el5_2.1]\n- security fixes. (#451928)\n- CVE-2008-2662: Integer overflow in rb_str_buf_append().\n- CVE-2008-2663: Integer overflow in rb_ary_store().\n- CVE-2008-2664: Unsafe use of alloca in rb_str_format().\n- CVE-2008-2725: Integer overflow in rb_ary_splice().\n- CVE-2008-2726: Integer overflow in rb_ary_splice().", "modified": "2008-07-14T00:00:00", "published": "2008-07-14T00:00:00", "id": "ELSA-2008-0561", "href": "http://linux.oracle.com/errata/ELSA-2008-0561.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0561\n\n\nRuby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered in\nthe array- and string-handling code used by Ruby. An attacker could use\nthese flaws to crash a Ruby application or, possibly, execute arbitrary\ncode with the privileges of the Ruby application using untrusted inputs in\narray or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,\nCVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in\nthe format (%) method of the String class without properly restricting\nmaximum string length. An attacker could use this flaw to crash a Ruby\napplication or, possibly, execute arbitrary code with the privileges of the\nRuby application using long, untrusted strings as format strings.\n(CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015111.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015114.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015115.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015117.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015121.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-July/015122.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-mode\nruby-rdoc\nruby-ri\nruby-tcltk\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2008-0561.html", "modified": "2008-07-14T22:45:29", "published": "2008-07-14T16:46:29", "href": "http://lists.centos.org/pipermail/centos-announce/2008-July/015111.html", "id": "CESA-2008:0561", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "description": "Ruby is an interpreted scripting language for quick and easy\nobject-oriented programming.\n\nMultiple integer overflows leading to a heap overflow were discovered in\nthe array- and string-handling code used by Ruby. An attacker could use\nthese flaws to crash a Ruby application or, possibly, execute arbitrary\ncode with the privileges of the Ruby application using untrusted inputs in\narray or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,\nCVE-2008-2725, CVE-2008-2726)\n\nIt was discovered that Ruby used the alloca() memory allocation function in\nthe format (%) method of the String class without properly restricting\nmaximum string length. An attacker could use this flaw to crash a Ruby\napplication or, possibly, execute arbitrary code with the privileges of the\nRuby application using long, untrusted strings as format strings.\n(CVE-2008-2664)\n\nRed Hat would like to thank Drew Yao of the Apple Product Security team for\nreporting these issues.\n\nUsers of Ruby should upgrade to these updated packages, which contain a\nbackported patch to resolve these issues.", "modified": "2017-09-08T12:11:31", "published": "2008-07-14T04:00:00", "id": "RHSA-2008:0561", "href": "https://access.redhat.com/errata/RHSA-2008:0561", "type": "redhat", "title": "(RHSA-2008:0561) Moderate: ruby security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:21:24", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1612-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 21, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ruby1.8\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376\n\nSeveral vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2006-2662\n\n Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2663\n\n Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2664\n\n Drew Yao discovered that a programming error in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2725\n\n Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nCVE-2008-2726\n\n Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nCVE-2008-2376\n\n It was discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.8.5-4etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.22-2.\n\nWe recommend that you upgrade your ruby1.8 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for amd64, arm, hppa, i386, ia64, mipsel, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5.orig.tar.gz\n Size/MD5 checksum: 4434227 aae9676332fcdd52f66c3d99b289878f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2.diff.gz\n Size/MD5 checksum: 100878 f55f4e2a0ca298d6312a8e3c4618da0f\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2.dsc\n Size/MD5 checksum: 1079 02286e0f1885c65a9d1fdad5bd933ac7\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.5-4etch2_all.deb\n Size/MD5 checksum: 309932 0d08bd3d9b467f82df59811dcb4ffd10\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.5-4etch2_all.deb\n Size/MD5 checksum: 209874 76ab42ff282540121b1ffa23b8c34208\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.5-4etch2_all.deb\n Size/MD5 checksum: 235238 d1f242b11d00199ecedf64cac2c6ac44\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.5-4etch2_all.deb\n Size/MD5 checksum: 242330 11359f9774006c02ca68402b1a6c021e\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.5-4etch2_all.deb\n Size/MD5 checksum: 1228716 cacd1dfc0b53e163adf3090175d85260\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 302500 42fb912eed252ddf0c0e0d1ded838375\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 197696 9388576f466a8d757a261653be326a64\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 198304 6dd9e7ffc83e0a343acc5d9360233724\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 1584450 7bfff8f2effc86fefd21cad2ad7aefe2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 197264 34559ddb2772bd4e4b4e9438da43b012\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 1068156 13587924fe8611ee3248d69615b77ff9\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 1863884 c9f007e6a0388f91463d422e9f88af00\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 748210 55373ce2ec797ad0334761d19e21ed04\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_amd64.deb\n Size/MD5 checksum: 216876 c45424af2eff7d0894d8b45f02531ae0\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 196940 a62011688ef13cbc74632695d8360744\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 197322 edf088cbecf6685fcd8455b9f787e207\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 1858580 7ccb22d6b10c2d2f8016c4a37488354e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 1524706 458dc14e9530cf12e2c109001ee6f502\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 196234 0b8141526f878fb32dd041d36dfe438d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 992648 fbaf16530fa84811a4f5c6ef1c3f1396\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 218902 6fed18d07c5589012711dcffd2c47654\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 287070 e24374581f184cb912ab1c2904de4c52\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_arm.deb\n Size/MD5 checksum: 696944 8a4a676931c6659d266f834e32ff3473\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 198692 837006b2872f955dd9ec506e913e7b65\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 1868624 391adcb7da667e079e38b31957639921\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 218760 9257f4fc3685c20dfea925a3b375df6c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 1041804 7617254859485b415d7abe4e44f97e20\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 199398 8de28dbbcaccd932cdf4b1368de85fa3\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 1675058 d4d8d05f55e84ac811a4a23379d2fccf\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 315826 5ba45a9cab7c98a9863790f0ddb5e032\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 199712 7eba9eec4404e39ba3a05d0ba7182aaf\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_hppa.deb\n Size/MD5 checksum: 823768 c5872e31690ebf1f937ae5921e09d6ee\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 197152 cc0255b2d30f2868b3a35131baea785e\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 197458 23448fa802f56b0353e146dd95798b40\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 1529512 e554018801428fcc8a0eb270cecbe0a1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 1830888 cfe09cb1dee2dc0ec663b764016c5c41\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 292002 669ff5d31b18e684695fcc585bbcf37d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 217452 fd84d502e12c0ed9dcb9931533bedf14\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 719152 eb2bb629d207bdb94513224cd696133a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 197870 8dda63e50264e70657c900bf0e31268a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_i386.deb\n Size/MD5 checksum: 1002688 9f9723f995389d89c8edff650cd80572\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 1861398 da0a8b6f595234f6362108c53d4b8527\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 971210 96f9b9c22c86efba9a9677ff97543ba7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 1025826 a0282c8d5148ee5530ddcb1918aa6393\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 202014 60855e63b50d60c6446699ca8a9e5f9a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 1893652 99e42c9ff74db67737bc1037a668bd81\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 201044 53faf98cdde5801097f06c669ef31997\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 202966 d5ad616f41e4c71fcab98abc32af8425\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 218178 814d14acfbc5060ce05f5610185bacef\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_ia64.deb\n Size/MD5 checksum: 330138 87b96dd77f226d1b156aa41cbd50e869\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 217702 035d0564ca69caf6291f91b396afd933\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 1059672 ae82660099169f05b832ea65b5875f42\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 792918 6daa1c239c1875477c369d662c1c7990\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 278810 b1ef2497c40951b0f55afbeb9b2b5a73\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 197272 ca8b731d68d2ef0ecab3f8d46421e390\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 1536298 72ed58d1217e07ec4ff4c536e426b112\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 197624 77f168b7b16d958921c399ec2fb2c55d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 1829844 d73c28a07fc670c515d35e5f4cc460de\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_mipsel.deb\n Size/MD5 checksum: 196686 7a50283b0c21e6c374254274587a250c\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 217566 ff62230e9213127217ba40da20bc6dbb\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 778968 84b097fa479926caef58f0cde5c6cc58\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 1051808 c06ced9c1c2cf67d499266ce98809448\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 198216 9ebd6482767e58cfc7b77778a48dc54b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 304860 1609587558238fabdafff4f25fab5693\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 1838646 b969d38b082b4554e2a68784a872d32f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 198530 6e9d131297d20789402f06b598bf31a5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 199016 d365604deac86ffe016706a4d53a41f8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_s390.deb\n Size/MD5 checksum: 1617614 d136348e15e9c521e9df47c4725cae99\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 197476 5ad505e06bfd48a7a52d31b04282ce75\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 295616 6999ddde1719965f55cb431435c77ac6\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 217478 6ffe8d27ff16d0d885bd41e8cf5356e2\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 740760 1a9e73da21a894b10ebdd88675340247\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 197526 329124a906b7eb6ba13c30864ff59373\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 1540818 b827798d6293c28046527b96b733818b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 961112 efe54a61cd55bf6f7de9417941795f29\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 196756 c4741cba5f54a703cdcba0fe027a6468\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.5-4etch2_sparc.deb\n Size/MD5 checksum: 1832852 8286b329ab1bad7793d827e33bae56c2\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-07-21T17:29:29", "published": "2008-07-21T17:29:29", "id": "DEBIAN:DSA-1612-1:05D94", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00195.html", "title": "[SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-30T02:22:04", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1618-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 26, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : ruby1.9\nVulnerability : several\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726 CVE-2008-2376\n\nSeveral vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may lead to denial of service or the\nexecution of arbitrary code. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2006-2662\n\n Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2663\n\n Drew Yao discovered that multiple integer overflows in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2664\n\n Drew Yao discovered that a programming error in the string\n processing code may lead to denial of service and potentially the\n execution of arbitrary code.\n\nCVE-2008-2725\n\n Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nCVE-2008-2726\n\n Drew Yao discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nCVE-2008-2376\n\n It was discovered that an integer overflow in the array handling\n code may lead to denial of service and potentially the execution\n of arbitrary code.\n\nFor the stable distribution (etch), these problems have been fixed in\nversion 1.9.0+20060609-1etch2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.9.0.2-2.\n\nWe recommend that you upgrade your ruby1.9 packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nStable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2.diff.gz\n Size/MD5 checksum: 26264 467128b32ddc72efdb8dcc94dde7b83e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2.dsc\n Size/MD5 checksum: 1102 41bfadd2129611fa57db1a9a9599732a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609.orig.tar.gz\n Size/MD5 checksum: 4450198 483d9b46a973c7e14f7586f0b1129891\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-examples_1.9.0+20060609-1etch2_all.deb\n Size/MD5 checksum: 264188 281f502b10cd5aa537cb0ae2882f28df\n http://security.debian.org/pool/updates/main/r/ruby1.9/rdoc1.9_1.9.0+20060609-1etch2_all.deb\n Size/MD5 checksum: 318246 f76f378d70628765f77a73eafbcd1f5d\n http://security.debian.org/pool/updates/main/r/ruby1.9/ri1.9_1.9.0+20060609-1etch2_all.deb\n Size/MD5 checksum: 685406 86521ce68e8d4cd7b81773f243ac9b0a\n http://security.debian.org/pool/updates/main/r/ruby1.9/irb1.9_1.9.0+20060609-1etch2_all.deb\n Size/MD5 checksum: 255668 9eaf949d3282bb1cd569daa6c076dc58\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-elisp_1.9.0+20060609-1etch2_all.deb\n Size/MD5 checksum: 228058 2b4842ced30aeff1ce2b8326f46b0222\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 217046 f33739f10b5726a0271d375b7ccbdee4\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 237224 31576c61f565132bb0e7b9d82f1e68e3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 324120 cf5596272b914ebf6b9562a9509ae59e\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 960464 5bbe1024d9c8d0e42a1af0d0f14bd959\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 216316 a1cc2dc918febd593f1ea6146ace8f93\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 1880690 006715d933fc8cabf8a74203cbed4d9d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 339652 c69c076dc020260ad40f1693800d0b72\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 217064 adb97f78aec310381faa3b5ac1cad5b8\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_alpha.deb\n Size/MD5 checksum: 1888672 7b374de959cd84b7b65aa679324831c8\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 322902 97753c5a04642d38a116f5e01896059c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 216010 f39d7c5bc68b549b3b511be8fd72c6ae\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 345448 8c45bf34dbb91538a662f8f8e991fece\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 215518 d7bcf904fce40fa1efce2ede2a095560\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 806966 c8d5dfedf21312becbeb3f362f664549\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 1877770 2b7556f47135226444887e969ba9b9c1\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 235044 11cf582e867b4d8a07f1fad0639728b2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 216076 70bd5925512ebb620a6847eccd90345c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_amd64.deb\n Size/MD5 checksum: 1849416 1d4c4fa99f9e7896b41f8403d9b0cd8a\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 364444 1e84d3fbe5ab83a29e51aab712dd5e23\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 236656 05149cde59e23095af2dda56deefbf5a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 215754 110c4335903b671187328985e51feaa9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 1791690 cb30bbf4605e79a9e9d462719e7ec74f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 311010 38ee7772554ca53a85141d850dc892b2\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 792420 f2c263e9e075f553d78802df52036540\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 215014 2909643c80881b9bab51c3b4c3e12ccc\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 215680 5695a9dca73d58297e0333ac4c3727d2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_arm.deb\n Size/MD5 checksum: 1875678 f9731b2384ed7510a20e13350474d96a\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 217586 d048912384e46068397d69e894867590\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 395086 cfa33f014575e668890b254157fd8f5a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 1860368 5a530583061ad939424e3080cc91326e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 333334 c1eab7a9c504a7bc78cd3bc7e36f0035\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 888212 21631a9e95913d6fcad0f4dd6475cb22\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 1880098 f7d171bf53602faf60ebc1b4a492bbe2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 217038 b1cb43a79e93806b4ebf4d822eaf69b4\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 236554 efd7a4c59a867cf04e05a8f1e67fb04a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_hppa.deb\n Size/MD5 checksum: 217388 119b909aa533d2271d72c7cd160327e4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 344240 e28ed33ab58e74842ddebdcccf8af1b0\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 755616 0270ba276d64ade1ba7c457502dc11c2\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 308238 4acf1560fa754a4bc83826016f9ed5c3\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 215068 a06ce95af07703c5d1e17c1fe3650070\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 215748 174eacdf10024484d8eea0c875828189\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 234788 1f338beda4c4ace78df2fa5fe01b3afd\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 1837746 11e0a3003856dcdc4f11d9398a306a9f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 1748486 7daf8be920522fbd8a38f5cca277a67f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_i386.deb\n Size/MD5 checksum: 216006 cb8065a642d6eba06ccd77cc5e0a9f09\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 351098 b8e858cfda0c7411e62fab7573e68ef7\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 1863144 af8e7815736a37aa182e3bfd3a795d72\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 1095042 e67a11a879b8dc45f64cabd5a1a6ef3a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 235804 23fe372ccb2cae1e23a43d38184f963f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 350528 7b30735f8c9785beeb409c81dba904c1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 220136 937f5219cbe78d514a348ad9dd8a9d66\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 220124 eb51f7f2eb98e995c880f26d019411f1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 219636 fd1a90fda8763f97269152a98287c582\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_ia64.deb\n Size/MD5 checksum: 2224416 ac508b7580d7118380a52c5080471f5a\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 1861714 60fb66170e15ca8e0e09a673aad5d7e6\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 214670 1ab5a7e86571cc5834a6dc21f841e065\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 235604 4a2027d53ff6e2af6280ec5f0899d7da\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 872966 535e9653b02dfe79b06ba8666d836529\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 371878 4c10b82e7087d3f6d281fc3f5298597c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 301172 2e9afa1664bb3bc2bf5a600f849a2947\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 215526 d9387c124e69eda689e60401cc84b957\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 215392 df023c921a933b36bab1543cc8a39bd1\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_mips.deb\n Size/MD5 checksum: 1678936 1d25adc6a7e75cfc641718bd09a3b8d9\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 235048 d9800ff09bb35adf537bc54eca366d54\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 1836372 51b3242d3e4ecfce846c0a2752157ce9\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 215624 02370fe04f3338b8b119a3b50f5aa00a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 857806 fdc3462561b97a6b24c0a9e23d9a724b\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 366902 898fcd4d88f44910ba6109f00f8d232e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 298994 ce9c5c0835f9d8487a18158f0665dc2d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 215774 ee00528f1a59cb01a2cf8c69b0df8374\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 214862 e6627d28ecb0c587886fca7d82d13e71\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_mipsel.deb\n Size/MD5 checksum: 1667032 27e0c6ebf93906dbd0cfca3079031313\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 217102 6e28d2f93cd5a5beba56da8ff97de448\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 776464 6572a3979465d9067a8ab8f720092804\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 1843790 ffae78c0d847187608eb5e7e5bd44d7f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 217662 0eea6173ddf0be0998c50f49c70ea73e\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 217996 334928813ab4b3ff134d0660ba6b1064\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 236726 848945c3adef9967376e172af8d5510c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 1807140 f1aec7313e006dd9f4878e314dc56a4a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 312002 6598cc1165aa1d94278a610bed0a676f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_powerpc.deb\n Size/MD5 checksum: 372344 628b6bb4217c5b92a30228930d8b9cee\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 370974 7b90fab80e4d022adef61b29a9dc392a\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 217482 7de0fadef39f8f24bf00918200bddaa4\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 234952 d58be85711961db42afb009368e687b5\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 1848676 3e841f9f0eb37fad5080cca6b5d5a5df\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 327304 c8ae5ac51bab7064de183c53d32aa682\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 216940 059ae6a6e62dc0363a9e924068a7232a\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 883636 2e12c59b6888f43839268a2dfb2dd48d\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 217004 33ac2a7ab614867ae1bfc3b2e37b196c\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_s390.deb\n Size/MD5 checksum: 1854708 2e376024c45de1d80e971669edc83567\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 1792444 cc9ddbf694f07b43022a734c90d59c6f\n http://security.debian.org/pool/updates/main/r/ruby1.9/libgdbm-ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 215468 26ff49550d4d05e60dce5fb4062427ae\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 234836 95c03612c22208efde3497bab210d8ca\n http://security.debian.org/pool/updates/main/r/ruby1.9/libtcltk-ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 1842154 b04455d02e78dc3d5a9286c54086b215\n http://security.debian.org/pool/updates/main/r/ruby1.9/libreadline-ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 216166 c99aaeb0cb92d183bb92c09527b86726\n http://security.debian.org/pool/updates/main/r/ruby1.9/libdbm-ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 216240 b6cf8cacba27109cc2b4f63032e9e36c\n http://security.debian.org/pool/updates/main/r/ruby1.9/ruby1.9-dev_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 822230 20102947f65faa3ace0e335f9f10d9fb\n http://security.debian.org/pool/updates/main/r/ruby1.9/libopenssl-ruby1.9_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 317180 0e5810ca143a9dda1965a2a951033ded\n http://security.debian.org/pool/updates/main/r/ruby1.9/libruby1.9-dbg_1.9.0+20060609-1etch2_sparc.deb\n Size/MD5 checksum: 372180 cf065f89106de3ba48ed93e2e5a21577\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-07-26T15:18:18", "published": "2008-07-26T15:18:18", "id": "DEBIAN:DSA-1618-1:F6BDD", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00203.html", "title": "[SECURITY] [DSA 1618-1] New ruby1.9 packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:07", "bulletinFamily": "unix", "description": "### Background\n\nRuby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (\"WEBRick\") and a class for XML parsing (\"REXML\"). \n\n### Description\n\nMultiple vulnerabilities have been discovered in the Ruby interpreter and its standard libraries. Drew Yao of Apple Product Security discovered the following flaws: \n\n * Arbitrary code execution or Denial of Service (memory corruption) in the rb_str_buf_append() function (CVE-2008-2662).\n * Arbitrary code execution or Denial of Service (memory corruption) in the rb_ary_stor() function (CVE-2008-2663).\n * Memory corruption via alloca in the rb_str_format() function (CVE-2008-2664).\n * Memory corruption (\"REALLOC_N\") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2725).\n * Memory corruption (\"beg + rlen\") in the rb_ary_splice() and rb_ary_replace() functions (CVE-2008-2726).\n\nFurthermore, several other vulnerabilities have been reported: \n\n * Tanaka Akira reported an issue with resolv.rb that enables attackers to spoof DNS responses (CVE-2008-1447).\n * Akira Tagoh of RedHat discovered a Denial of Service (crash) issue in the rb_ary_fill() function in array.c (CVE-2008-2376).\n * Several safe level bypass vulnerabilities were discovered and reported by Keita Yamaguchi (CVE-2008-3655).\n * Christian Neukirchen is credited for discovering a Denial of Service (CPU consumption) attack in the WEBRick HTTP server (CVE-2008-3656).\n * A fault in the dl module allowed the circumvention of taintness checks which could possibly lead to insecure code execution was reported by \"sheepman\" (CVE-2008-3657).\n * Tanaka Akira again found a DNS spoofing vulnerability caused by the resolv.rb implementation using poor randomness (CVE-2008-3905).\n * Luka Treiber and Mitja Kolsek (ACROS Security) disclosed a Denial of Service (CPU consumption) vulnerability in the REXML module when dealing with recursive entity expansion (CVE-2008-3790).\n\n### Impact\n\nThese vulnerabilities allow remote attackers to execute arbitrary code, spoof DNS responses, bypass Ruby's built-in security and taintness checks, and cause a Denial of Service via crash or CPU exhaustion. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.6_p287-r1\"", "modified": "2008-12-16T00:00:00", "published": "2008-12-16T00:00:00", "id": "GLSA-200812-17", "href": "https://security.gentoo.org/glsa/200812-17", "type": "gentoo", "title": "Ruby: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
