Ruby insecure file permissions in the CGI session management
2004-08-16T00:00:00
ID E811AAF1-F015-11D8-876F-00902714CC7C Type freebsd Reporter FreeBSD Modified 2004-08-28T00:00:00
Description
According to a Debian Security Advisory:
Andres Salomon noticed a problem in the CGI session
management of Ruby, an object-oriented scripting language.
CGI::Session's FileStore (and presumably PStore [...])
implementations store session information insecurely.
They simply create files, ignoring permission issues.
This can lead an attacker who has also shell access to the
webserver to take over a session.
{"id": "E811AAF1-F015-11D8-876F-00902714CC7C", "bulletinFamily": "unix", "title": "Ruby insecure file permissions in the CGI session management", "description": "\nAccording to a Debian Security Advisory:\n\nAndres Salomon noticed a problem in the CGI session\n\t management of Ruby, an object-oriented scripting language.\n\t CGI::Session's FileStore (and presumably PStore [...])\n\t implementations store session information insecurely.\n\t They simply create files, ignoring permission issues.\n\t This can lead an attacker who has also shell access to the\n\t webserver to take over a session.\n\n", "published": "2004-08-16T00:00:00", "modified": "2004-08-28T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://vuxml.freebsd.org/freebsd/e811aaf1-f015-11d8-876f-00902714cc7c.html", "reporter": "FreeBSD", "references": ["http://marc.theaimsgroup.com/?l=bugtraq&m=109267579822250&w=2", "http://xforce.iss.net/xforce/xfdb/16996", "http://www.debian.org/security/2004/dsa-537"], "cvelist": ["CVE-2004-0755"], "type": "freebsd", "lastseen": "2019-05-29T18:35:14", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0755"]}, {"type": "nessus", "idList": ["FEDORA_2004-403.NASL", "REDHAT-RHSA-2004-441.NASL", "FREEBSD_RUBY_181.NASL", "GENTOO_GLSA-200409-08.NASL", "FEDORA_2004-264.NASL", "DEBIAN_DSA-537.NASL", "MANDRAKE_MDKSA-2004-128.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54665", "OPENVAS:53227", "OPENVAS:52407"]}, {"type": "gentoo", "idList": ["GLSA-200409-08"]}, {"type": "redhat", "idList": ["RHSA-2004:441"]}, {"type": "osvdb", "idList": ["OSVDB:8845"]}, {"type": "debian", "idList": ["DEBIAN:DSA-537-1:03B76"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:6751"]}], "modified": "2019-05-29T18:35:14", "rev": 2}, "score": {"value": 5.1, "vector": "NONE", "modified": "2019-05-29T18:35:14", "rev": 2}, "vulnersScore": 5.1}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ruby", "packageVersion": "1.6.8.2004.07.26"}], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:33:39", "description": "The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.", "edition": 3, "cvss3": {}, "published": "2004-10-20T04:00:00", "title": "CVE-2004-0755", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0755"], "modified": "2017-10-11T01:29:00", "cpe": ["cpe:/a:yukihiro_matsumoto:ruby:1.8", "cpe:/a:yukihiro_matsumoto:ruby:1.6"], "id": "CVE-2004-0755", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0755", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:03", "bulletinFamily": "software", "cvelist": ["CVE-2004-0755"], "edition": 1, "description": "## Vulnerability Description\nRuby contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the cgi::session's filestore stores session information in temporary files created without any regard to permissions. Permissions are set only using the umask value, which may disclose the CGI session variable data resulting in a loss of confidentiality\n## Solution Description\nUpgrade to version 1.6.7-3woody3 or 1.8.1+1.8.2pre1-4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nRuby contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the cgi::session's filestore stores session information in temporary files created without any regard to permissions. Permissions are set only using the umask value, which may disclose the CGI session variable data resulting in a loss of confidentiality\n## Manual Testing Notes\nThe Following script provided by Andres Salomon can be used to illustrate the problem.\n\n#!/usr/bin/ruby -w\n\nrequire 'cgi'\nrequire 'cgi/session'\n\ncgi = CGI.new('html4')\nsession = CGI::Session.new(cgi, 'prefix' => 'blah_')\nKernel.system(\"ls -l \" + Dir.glob(\"/tmp/blah_*\").join(\" \"))\n## References:\nVendor URL: http://www.ruby-lang.org/en/\n[Vendor Specific Advisory URL](http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260779)\nSecurity Tracker: 1010955\n[Secunia Advisory ID:12293](https://secuniaresearch.flexerasoftware.com/advisories/12293/)\n[Secunia Advisory ID:12290](https://secuniaresearch.flexerasoftware.com/advisories/12290/)\n[Secunia Advisory ID:12462](https://secuniaresearch.flexerasoftware.com/advisories/12462/)\n[Secunia Advisory ID:12701](https://secuniaresearch.flexerasoftware.com/advisories/12701/)\n[Secunia Advisory ID:13141](https://secuniaresearch.flexerasoftware.com/advisories/13141/)\n[Secunia Advisory ID:13162](https://secuniaresearch.flexerasoftware.com/advisories/13162/)\n[Secunia Advisory ID:12837](https://secuniaresearch.flexerasoftware.com/advisories/12837/)\nOther Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:128\nOther Advisory URL: http://www.debian.org/security/2004/dsa-537\nOther Advisory URL: http://article.gmane.org/gmane.linux.gentoo.announce/445\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2004-441.html\n[Nessus Plugin ID:15474](https://vulners.com/search?query=pluginID:15474)\n[Nessus Plugin ID:15412](https://vulners.com/search?query=pluginID:15412)\n[Nessus Plugin ID:14662](https://vulners.com/search?query=pluginID:14662)\nISS X-Force ID: 16996\n[CVE-2004-0755](https://vulners.com/cve/CVE-2004-0755)\n", "modified": "2004-08-16T05:35:34", "published": "2004-08-16T05:35:34", "href": "https://vulners.com/osvdb/OSVDB:8845", "id": "OSVDB:8845", "type": "osvdb", "title": "Ruby CGI Session Management Insecure File Creation", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0755"], "description": "Ruby is an interpreted scripting language for object-oriented programming.\n\nAndres Salomon reported an insecure file permissions flaw in the CGI\nsession management of Ruby. FileStore created world readable files that\ncould allow a malicious local user the ability to read CGI session data. \nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0755 to this issue.\n\nUsers are advised to upgrade to this erratum package, which contains a\nbackported patch to CGI::Session FileStore.", "modified": "2018-03-14T19:25:55", "published": "2004-09-30T04:00:00", "id": "RHSA-2004:441", "href": "https://access.redhat.com/errata/RHSA-2004:441", "type": "redhat", "title": "(RHSA-2004:441) ruby security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2017-07-02T21:10:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-28T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52407", "href": "http://plugins.openvas.org/nasl.php?oid=52407", "type": "openvas", "title": "FreeBSD Ports: ruby", "sourceData": "#\n#VID e811aaf1-f015-11d8-876f-00902714cc7c\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ruby\n\nCVE-2004-0755\nThe FileStore capability in CGI::Session for Ruby before 1.8.1, and\npossibly PStore, creates files with insecure permissions, which can\nallow local users to steal session information and hijack sessions.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://xforce.iss.net/xforce/xfdb/16996\nhttp://www.debian.org/security/2004/dsa-537\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=109267579822250&w=2\nhttp://www.vuxml.org/freebsd/e811aaf1-f015-11d8-876f-00902714cc7c.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52407);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2004-0755\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: ruby\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6.8.2004.07.26\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.0\")>=0 && revcomp(a:bver, b:\"1.8.1.2004.07.23\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200409-08.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54665", "href": "http://plugins.openvas.org/nasl.php?oid=54665", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"When used for CGI scripting, Ruby creates session files in /tmp with the\npermissions of the default umask. Depending on that umask, local users may\nbe able to read sensitive data stored in session files.\";\ntag_solution = \"All Ruby users should upgrade to the latest version:\n\n # emerge sync\n\n # emerge -pv '>=dev-lang/ruby-your_version'\n # emerge '>=dev-lang/ruby-your_version'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=60525\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200409-08.\";\n\n \n\nif(description)\n{\n script_id(54665);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2004-0755\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/ruby\", unaffected: make_list(\"rge 1.6.8-r11\", \"rge 1.8.0-r7\", \"ge 1.8.2_pre2\"), vulnerable: make_list(\"lt 1.8.2_pre2\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:50:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "description": "The remote host is missing an update to ruby\nannounced via advisory DSA 537-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:53227", "href": "http://plugins.openvas.org/nasl.php?oid=53227", "type": "openvas", "title": "Debian Security Advisory DSA 537-1 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_537_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 537-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Andres Salomon no ticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can lead an attacker who has also shell\naccess to the webserver to take over a session.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody3.\n\nFor the unstable and testing distributions (sarge and sid) this\nproblem has been fixed in version 1.8.1+1.8.2pre1-4.\n\nWe recommend that you upgrade your libruby package.\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory DSA 537-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20537-1\";\n\nif(description)\n{\n script_id(53227);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2004-0755\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 537-1 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-elisp\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-examples\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurses-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnkf-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpty-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsdbm-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsyslog-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtk-ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-dev\", ver:\"1.6.7-3woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:10", "bulletinFamily": "software", "cvelist": ["CVE-2004-0755"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200409-08\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Ruby: CGI::Session creates files insecurely\r\n Date: September 03, 2004\r\n Bugs: #60525\r\n ID: 200409-08\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nWhen used for CGI scripting, Ruby creates session files in /tmp with\r\nthe permissions of the default umask. Depending on that umask, local\r\nusers may be able to read sensitive data stored in session files.\r\n\r\nBackground\r\n==========\r\n\r\nRuby is an Object Oriented, interpreted scripting language used for\r\nmany system scripting tasks. It can also be used for CGI web\r\napplications.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 dev-lang/ruby < 1.8.2_pre2 *>= 1.6.8-r11\r\n *>= 1.8.0-r7\r\n >= 1.8.2_pre2\r\n\r\nDescription\r\n===========\r\n\r\nThe CGI::Session::FileStore implementation (and presumably\r\nCGI::Session::PStore), which allow data associated with a particular\r\nSession instance to be written to a file, writes to a file in /tmp with\r\nno regard for secure permissions. As a result, the file is left with\r\nwhatever the default umask permissions are, which commonly would allow\r\nother local users to read the data from that session file.\r\n\r\nImpact\r\n======\r\n\r\nDepending on the default umask, any data stored using these methods\r\ncould be read by other users on the system.\r\n\r\nWorkaround\r\n==========\r\n\r\nBy changing the default umask on the system to not permit read access\r\nto other users (e.g. 0700), one can prevent these files from being\r\nreadable by other users.\r\n\r\nResolution\r\n==========\r\n\r\nAll Ruby users should upgrade to the latest version:\r\n\r\n # emerge sync\r\n\r\n # emerge -pv ">=dev-lang/ruby-your_version"\r\n # emerge ">=dev-lang/ruby-your_version"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CAN-2004-0755\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0755\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200409-08.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2004 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/1.0\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\n\r\niD8DBQFBOMMqzKC5hMHO6rkRAqmnAJ9LMGqjEBpUTQAXLNIFIDEH6TTR+ACfUCAh\r\nLjX87bbkNFchTqau42NZ4wo=\r\n=xWAL\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2004-09-06T00:00:00", "published": "2004-09-06T00:00:00", "id": "SECURITYVULNS:DOC:6751", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:6751", "title": "[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0755"], "description": "### Background\n\nRuby is an Object Oriented, interpreted scripting language used for many system scripting tasks. It can also be used for CGI web applications. \n\n### Description\n\nThe CGI::Session::FileStore implementation (and presumably CGI::Session::PStore), which allow data associated with a particular Session instance to be written to a file, writes to a file in /tmp with no regard for secure permissions. As a result, the file is left with whatever the default umask permissions are, which commonly would allow other local users to read the data from that session file. \n\n### Impact\n\nDepending on the default umask, any data stored using these methods could be read by other users on the system. \n\n### Workaround\n\nBy changing the default umask on the system to not permit read access to other users (e.g. 0700), one can prevent these files from being readable by other users. \n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge sync\n \n # emerge -pv \">=dev-lang/ruby-your_version\"\n # emerge \">=dev-lang/ruby-your_version\"", "edition": 1, "modified": "2004-09-03T00:00:00", "published": "2004-09-03T00:00:00", "id": "GLSA-200409-08", "href": "https://security.gentoo.org/glsa/200409-08", "type": "gentoo", "title": "Ruby: CGI::Session creates files insecurely", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:12:44", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0755"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 537-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nAugust 16th, 2004 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ruby\nVulnerability : insecure file permissions\nProblem-Type : local\nDebian-specific: no\nCVE ID : CAN-2004-0755\nDebian Bug : 260779\n\nAndres Salomon no ticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can lead an attacker who has also shell\naccess to the webserver to take over a session.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody3.\n\nFor the unstable and testing distributions (sarge and sid) this\nproblem has been fixed in version 1.8.1+1.8.2pre1-4.\n\nWe recommend that you upgrade your libruby package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3.dsc\n Size/MD5 checksum: 909 42ca59c34d2cc849dfc30ba472f7f116\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3.diff.gz\n Size/MD5 checksum: 43087 3a0e24b55c7456379ba74851c41ddcf6\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz\n Size/MD5 checksum: 996835 a8859c679ee9acbfdf5056cdf26fcad3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody3_all.deb\n Size/MD5 checksum: 51094 5005ad418261ec712d19d4ca56367bed\n http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody3_all.deb\n Size/MD5 checksum: 30158 2d205cd7e31956b474030ce54bcda454\n http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody3_all.deb\n Size/MD5 checksum: 37748 ea0251a91042ed3b93f606518b75c786\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 129428 3ec30ca16953da2763d04511c717d945\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 128344 0af6a10407582b9818612c4495ca518b\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 129688 690b91f05a43a0984002751cf950f19f\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 135336 bb4b3de1453c6f58f2ed3099ffef1c7d\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 132566 31c934c152702a4e1578a30a4acc3f4c\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 128284 73e5eb41e96be599bae70588f4e4fffc\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 648420 971c038b44db8e5f6aded126c579b8bf\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 132208 d0eee6f08dc2402bd789e02897f1a39c\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 129086 59bd5e286b27d597e3577ecc01571de8\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 146886 19edd9ef017acce324eaf5644aff7dca\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 162686 cc53b5bcc2fc25b49e7079ebd799db8b\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 144072 8e56491cbc6b5c66453a00f827276280\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_alpha.deb\n Size/MD5 checksum: 625932 dc6c60f17084fdd0ad07d48e9cafeff3\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 128308 c79f0e8abdc5a34b9582d59b986ab5be\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 127186 416b7a94fcdfcc3a59a2327107940e4c\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 128156 65f56dd2918b860e04fe1eb99db8db5d\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 134318 c1869b828d5f3a6d1046505b437991b3\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 131060 0c26c9e5c66e0ada36f9cee2d6f04569\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 127204 0db378fead41a8e7f64e766ef4a545ef\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 602496 4394a092060e68bc1d34736f264f9e27\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 130326 78d57ddc347234cc0496e6eec12a430b\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 128030 9d7a4feebef499766224a56d5b02afcf\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 146566 063abfcaf36bef42f926b04b0b4d8c3d\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 161120 d627766263ef715f8e643ca76065c2eb\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 142138 aae80e5b907df2f7638397ceb41e2ece\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_arm.deb\n Size/MD5 checksum: 572424 a7cef1fe976dabdb8cc45c1742099388\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 127790 e1205c5e304db4f4da1b72cfba06a201\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 127004 f18b4ca42b5ed6ed660d0b1f16f94d23\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 127794 c16d67ffb44d890b1c6695325a40db88\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 132546 fd2418e723e9593e6fb2a0b8ddb560f2\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 130850 9db0ae40218699d051b8f5380e982a4c\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 126956 a83ee07e8b69b03c54731249be14fb2c\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 561040 c434f5bd8ff8de6a346e5eb82df2372e\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 129828 291fd61e32d5f3986979b01abc980547\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 127250 30db287268d9fa0f23e4712a59176dbb\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 146198 6c8440063e379b3e60d6ea4001a5926e\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 161140 11a8a2aa9bbe7c01ab53ca6c920c98c5\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 142178 6a5aab98d048a03c958ced24dcac31ac\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_i386.deb\n Size/MD5 checksum: 492314 2fa7dc937bae7f456f6c466fcd3689fb\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 132964 e60b61f854e12dff1c7dc2dc152f9a94\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 132486 fe7965b42c0360b6427626f63788c548\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 134522 d82ca720a60a86ab6ee1c972433abd1d\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 139674 6f6b2aec3d5f308af1e3eaeffee52f45\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 133842 2ee528129c72ca691df2ba5bbb49daf4\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 131428 fc1c5020fb099724b75ae9d943f598fa\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 853762 66df1237cbf7482132f3c1e7d5fc9478\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 140176 8434621b3798fef58519967011622175\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 130570 6f2e029eb940ce8703ea224634bddb84\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 150160 ed95d384f39bbf915db5f3db3b66bd18\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 162156 2f74ce0a43569708fc072f24c7aadab0\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 143016 d387f4b4284a8c6a431596575fe5c209\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_ia64.deb\n Size/MD5 checksum: 754776 e92c1fd410a3b2f508924e33d4a0a776\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 130348 aa5745400400f66d82761d2982b495f4\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 129070 a790b197582972daf1d33e398cd383e7\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 130582 b9b750829364db4dba472f13cdc53ecd\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 135830 b3050e8f32cc8b4d9a429166ced30b63\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 132058 af3dc5ba678a627ca2477dc7a29d5929\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 128414 2db8ed7a954b4a53ab5b058f5d5b54af\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 685786 ec5083b3b273920b0bc8e8fed2bb36e2\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 132742 0dfa2492e892b330af5aa25921758d00\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 128866 c94fbb1fc8133fd5b5361f8c8870e4e4\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 147806 04fa22f21bec2a1e093a535908a6466e\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 161644 b04ab74d55eaa1cfe8fc93f791475767\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 142414 a51b05df9f4406f8a2ff12cc88ba9ec2\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_hppa.deb\n Size/MD5 checksum: 666922 25404242d3f1fcc5183930652ecf1cd1\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 128200 9a0b2868f76f87979c168cf834a7da95\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 127016 c87cfda620b8d3d74ee53fce603f75a7\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 128160 db81705d34af1dddb4334348d8fba6df\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 132594 93b9f11e3f95741cf89fc4d57a8da2af\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 131148 c2d5e93d16fa341067e9632af2aea9d0\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 127194 8c8517ceb7d782cd68e8202e52172e2d\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 561272 c137e55dcdf3efd294f3351ed41a025a\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 129550 5b588283bb536406cda1129d075f9647\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 128008 5e2158999321a43eb786ba950ba8d5e4\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 146452 0f18fff973a279b642e49fd55a15674a\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 161208 ab176231465ba41be9b7e1e296fa973b\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 142150 677ca204cf61f2894cb40b9bf8c496d2\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_m68k.deb\n Size/MD5 checksum: 470588 dd7b834f52328f1c3eaaebffb163dd8e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 128066 34b998262be7c5da5240b43e85b4b05a\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 126726 de79abd46651e1bd473177977c188cb6\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 127896 f08e2626552f649847ba8adde79bd1ad\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 133518 8d4d2cb8bde4849b99b1b7301e006559\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 130760 d58504211ca8fd4fa2c9d5194b20d9f2\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 127002 9645e4b25425e1e2d0c0d91f9d191f99\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 581684 a9cc975831de3ea9851c76c3a34561f4\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 130244 c4bb6e1bc8b3abecbe1a335cc16d6ae7\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 127616 2f8d40963f952305943fd659b2fa9793\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 146388 4696135eed267896b3725ada82e24ee0\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 161234 8f8d2eb85ba3144fea9ba01fea19a5ca\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 142536 e33a261393e89cd4785245fd8e86c6a3\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_mips.deb\n Size/MD5 checksum: 587196 efe9473b91750f8e996dae6ac538d9c7\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 128016 75f5960936046948e0dd00f07b665b84\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 126752 896fca2b2fc4005f7ddb433572fb8e6a\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 127918 6647f61287bbc520bdcfaf84854f5fc4\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 133524 6a21349453635e818d08add29ffb347c\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 130740 85ea023518438b3c238a9ff20f3ebcfc\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 126946 4de6fe2ffbdaa0e1509cacf4a51dd8ee\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 581236 03ef54fe90f13013a6cacf55a7ae1e03\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 130244 9b883c0e1254194f0cfc112572220b80\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 127602 596f768ee52bac9ee0f98a7dacd5fef6\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 146326 9f4767c8bb9a39ce830a6fbf4457a31a\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 161246 b57777443a07272bb8efb89e8fc26a24\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 142548 4345d7e4803a7d49d79841e5c4aed051\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_mipsel.deb\n Size/MD5 checksum: 577834 8d24ebec0af643b9674792a26d217755\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 128172 47b817c6e43f28ae76ebc5dfd85c6995\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 127382 9a7ed4a6bc2a1dc6ea62cab893259229\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 128482 91f7d646ac48dab065275b18edac2761\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 134216 33b37873348bc1fdf014fe18f9bc423e\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 131116 1f820aaf2fcba567e0422d19defefbc1\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 127278 120ede9817ce6974720ac6b2414382e4\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 606934 625ed15414c5e2627a870339f0cf8ae5\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 130350 f8bbbc383a6a10374db4ec0266be8461\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 128092 22bc2b894ed585d13ae95f9fadaf147f\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 146812 47fba2a53629cac0182f4b0cbcc918c1\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 161218 a097f25640ec69988347417c12efe480\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 142240 b683fb03d99a77b4ef2223f7c3a7585a\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_powerpc.deb\n Size/MD5 checksum: 529108 7d327e355f206dd22c7a032b7b21b803\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 128400 d7e26d77fbeac9971b3de3372164e526\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 127588 0676b34845df277c3ccfbb69972579cb\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 128650 472ec34761e12ed275441b67b5b285ad\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 133426 4f4718e01e004b5aec64f36ee8a0d0ac\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 131590 04fc7f96792b3d3b172ca6556e0d9910\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 127676 6daed5ee2add1b98b1337bccae744c5d\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 600520 306cc308c856c597f264b903b0565823\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 130602 b939f0917470cf49328fc5db5eb5993d\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 127668 c1c7ab0f2dbc2ef52ad0722598f0ee30\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 146974 cbbdd5c64e65578dfeda33a660f9c4b9\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 161290 418a07ac22ac6e74a7ebfbf0a3a70ab1\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 142404 e927d838e8bf933e3bcdfa5049e96a24\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_s390.deb\n Size/MD5 checksum: 532116 20e3927ba7a286ceb96e643c99c96aee\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 128160 a02e144293b556d8d28ef90ef8f84e6a\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 127210 cbc0e9f60c120e68abd615dbc7782482\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 128650 7b94be80efa7afad55e2452022f42c5f\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 134058 40d4148e8c427214c223795ba909ef97\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 131100 73c4a60be604896dc04699d0efb72020\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 127176 e1699aa9fe7fe7aed61832d3ab43c871\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 602908 61ab4131e4bc3d0c9da2327de4522e7b\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 129948 1b1eb23ba0ed3da96cf972c04f14a912\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 128022 669453179d94866792cfe27789fe504a\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 146514 6f09f6d77b874d4da0ee48e4d388c100\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 161268 0f7d07a0d11521604045ecd43f981f90\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 142164 f1202001ac69b03f4ba8f92c7bcb6bd2\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody3_sparc.deb\n Size/MD5 checksum: 561030 da13206ba8649404543b6acb2be343cb\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2004-08-15T00:00:00", "published": "2004-08-15T00:00:00", "id": "DEBIAN:DSA-537-1:03B76", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00140.html", "title": "[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-07T10:51:51", "description": "The remote host is affected by the vulnerability described in GLSA-200409-08\n(Ruby: CGI::Session creates files insecurely)\n\n The CGI::Session::FileStore implementation (and presumably\n CGI::Session::PStore), which allow data associated with a particular\n Session instance to be written to a file, writes to a file in /tmp with no\n regard for secure permissions. As a result, the file is left with whatever\n the default umask permissions are, which commonly would allow other local\n users to read the data from that session file.\n \nImpact :\n\n Depending on the default umask, any data stored using these methods could\n be read by other users on the system.\n \nWorkaround :\n\n By changing the default umask on the system to not permit read access to\n other users (e.g. 0700), one can prevent these files from being readable by\n other users.", "edition": 23, "published": "2004-09-04T00:00:00", "title": "GLSA-200409-08 : Ruby: CGI::Session creates files insecurely", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "modified": "2004-09-04T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ruby"], "id": "GENTOO_GLSA-200409-08.NASL", "href": "https://www.tenable.com/plugins/nessus/14662", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200409-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14662);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0755\");\n script_xref(name:\"GLSA\", value:\"200409-08\");\n\n script_name(english:\"GLSA-200409-08 : Ruby: CGI::Session creates files insecurely\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200409-08\n(Ruby: CGI::Session creates files insecurely)\n\n The CGI::Session::FileStore implementation (and presumably\n CGI::Session::PStore), which allow data associated with a particular\n Session instance to be written to a file, writes to a file in /tmp with no\n regard for secure permissions. As a result, the file is left with whatever\n the default umask permissions are, which commonly would allow other local\n users to read the data from that session file.\n \nImpact :\n\n Depending on the default umask, any data stored using these methods could\n be read by other users on the system.\n \nWorkaround :\n\n By changing the default umask on the system to not permit read access to\n other users (e.g. 0700), one can prevent these files from being readable by\n other users.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200409-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby users should upgrade to the latest version:\n # emerge sync\n # emerge -pv '>=dev-lang/ruby-your_version'\n # emerge '>=dev-lang/ruby-your_version'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/ruby\", unaffected:make_list(\"rge 1.6.8-r11\", \"rge 1.8.0-r7\", \"ge 1.8.2_pre2\"), vulnerable:make_list(\"lt 1.8.2_pre2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby: CGI:\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:05:42", "description": " - Thu Aug 19 2004 Akira TAGOH <tagoh at redhat.com>\n 1.8.1-6\n\n - security fix [CVE-2004-0755]\n\n - ruby-1.8.1-cgi_session_perms.patch: sets the\n permission of the session data file to 0600. (#130063)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-10-15T00:00:00", "title": "Fedora Core 2 : ruby-1.8.1-6 (2004-264)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "modified": "2004-10-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:ruby-docs", "p-cpe:/a:fedoraproject:fedora:ruby-debuginfo", "p-cpe:/a:fedoraproject:fedora:ruby-tcltk", "p-cpe:/a:fedoraproject:fedora:ruby-devel", "p-cpe:/a:fedoraproject:fedora:ruby-mode", "p-cpe:/a:fedoraproject:fedora:irb", "p-cpe:/a:fedoraproject:fedora:ruby-libs", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2004-264.NASL", "href": "https://www.tenable.com/plugins/nessus/15474", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-264.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15474);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-264\");\n\n script_name(english:\"Fedora Core 2 : ruby-1.8.1-6 (2004-264)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Aug 19 2004 Akira TAGOH <tagoh at redhat.com>\n 1.8.1-6\n\n - security fix [CVE-2004-0755]\n\n - ruby-1.8.1-cgi_session_perms.patch: sets the\n permission of the session data file to 0600. (#130063)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-October/000334.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f97b0891\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"irb-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-debuginfo-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-devel-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-docs-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-libs-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-mode-1.8.1-6\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"ruby-tcltk-1.8.1-6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-libs / etc\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:05:20", "description": "An updated ruby package that fixes insecure file permissions for CGI\nsession files is now available.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nAndres Salomon reported an insecure file permissions flaw in the CGI\nsession management of Ruby. FileStore created world readable files\nthat could allow a malicious local user the ability to read CGI\nsession data. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.\n\nUsers are advised to upgrade to this erratum package, which contains a\nbackported patch to CGI::Session FileStore.", "edition": 27, "published": "2004-10-02T00:00:00", "title": "RHEL 2.1 / 3 : ruby (RHSA-2004:441)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "modified": "2004-10-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:irb", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-mode", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2004-441.NASL", "href": "https://www.tenable.com/plugins/nessus/15412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2004:441. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15412);\n script_version(\"1.27\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2004-0755\");\n script_xref(name:\"RHSA\", value:\"2004:441\");\n\n script_name(english:\"RHEL 2.1 / 3 : ruby (RHSA-2004:441)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated ruby package that fixes insecure file permissions for CGI\nsession files is now available.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nAndres Salomon reported an insecure file permissions flaw in the CGI\nsession management of Ruby. FileStore created world readable files\nthat could allow a malicious local user the ability to read CGI\nsession data. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2004-0755 to this issue.\n\nUsers are advised to upgrade to this erratum package, which contains a\nbackported patch to CGI::Session FileStore.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2004-0755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2004:441\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(2\\.1|3)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2004:441\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"irb-1.6.4-2.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-1.6.4-2.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-devel-1.6.4-2.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-docs-1.6.4-2.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-libs-1.6.4-2.AS21.0\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-tcltk-1.6.4-2.AS21.0\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-1.6.8-9.EL3.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-devel-1.6.8-9.EL3.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-libs-1.6.8-9.EL3.2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-mode-1.6.8-9.EL3.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T02:47:02", "description": "According to a Debian Security Advisory :\n\nAndres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore [...]) implementations store session\ninformation insecurely. They simply create files, ignoring permission\nissues. This can lead an attacker who has also shell access to the\nwebserver to take over a session.", "edition": 25, "published": "2004-08-17T00:00:00", "title": "FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_RUBY_181.NASL", "href": "https://www.tenable.com/plugins/nessus/14280", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14280);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/20 11:04:17\");\n\n script_cve_id(\"CVE-2004-0755\");\n script_xref(name:\"DSA\", value:\"537\");\n\n script_name(english:\"FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"According to a Debian Security Advisory :\n\nAndres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore [...]) implementations store session\ninformation insecurely. They simply create files, ignoring permission\nissues. This can lead an attacker who has also shell access to the\nwebserver to take over a session.\"\n );\n # http://xforce.iss.net/xforce/xfdb/16996\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c8512db2\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=109267579822250&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=109267579822250&w=2\"\n );\n # https://vuxml.freebsd.org/freebsd/e811aaf1-f015-11d8-876f-00902714cc7c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?052b3b6d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby<1.6.8.2004.07.26\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=1.7.0<1.8.1.2004.07.23\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T10:02:56", "description": "Andres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can lead an attacker who has also shell access\nto the webserver to take over a session.", "edition": 26, "published": "2004-09-29T00:00:00", "title": "Debian DSA-537-1 : ruby - insecure file permissions", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0755"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:ruby"], "id": "DEBIAN_DSA-537.NASL", "href": "https://www.tenable.com/plugins/nessus/15374", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-537. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15374);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0755\");\n script_xref(name:\"DSA\", value:\"537\");\n\n script_name(english:\"Debian DSA-537-1 : ruby - insecure file permissions\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andres Salomon noticed a problem in the CGI session management of\nRuby, an object-oriented scripting language. CGI::Session's FileStore\n(and presumably PStore, but not in Debian woody) implementations store\nsession information insecurely. They simply create files, ignoring\npermission issues. This can lead an attacker who has also shell access\nto the webserver to take over a session.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260779\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-537\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the libruby package.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 1.6.7-3woody3.\n\nFor the unstable and testing distributions (sid and sarge) this\nproblem has been fixed in version 1.8.1+1.8.2pre1-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/08/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"irb\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcurses-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdbm-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdbm-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libnkf-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpty-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libreadline-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsdbm-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsyslog-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtcltk-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtk-ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-dev\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-elisp\", reference:\"1.6.7-3woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-examples\", reference:\"1.6.7-3woody3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:51:23", "description": "Andres Salomon noticed a problem with the CGI session management in\nRuby. The CGI:Session's FileStore implementations store session\ninformation in an insecure manner by just creating files and ignoring\npermission issues (CVE-2004-0755).\n\nThe ruby developers have corrected a problem in the ruby CGI module\nthat can be triggered remotely and cause an inifinite loop on the\nserver (CVE-2004-0983).\n\nThe updated packages are patched to prevent these problems.", "edition": 25, "published": "2004-11-09T00:00:00", "title": "Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0983", "CVE-2004-0755"], "modified": "2004-11-09T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:9.2", "p-cpe:/a:mandriva:linux:ruby-tk", "p-cpe:/a:mandriva:linux:ruby-devel"], "id": "MANDRAKE_MDKSA-2004-128.NASL", "href": "https://www.tenable.com/plugins/nessus/15650", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2004:128. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15650);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0755\", \"CVE-2004-0983\");\n script_xref(name:\"MDKSA\", value:\"2004:128\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andres Salomon noticed a problem with the CGI session management in\nRuby. The CGI:Session's FileStore implementations store session\ninformation in an insecure manner by just creating files and ignoring\npermission issues (CVE-2004-0755).\n\nThe ruby developers have corrected a problem in the ruby CGI module\nthat can be triggered remotely and cause an inifinite loop on the\nserver (CVE-2004-0983).\n\nThe updated packages are patched to prevent these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"ruby-1.8.1-1.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ruby-devel-1.8.1-1.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ruby-doc-1.8.1-1.2.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"ruby-tk-1.8.1-1.2.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-1.8.1-4.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-devel-1.8.1-4.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-doc-1.8.1-4.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-tk-1.8.1-4.2.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.2\", reference:\"ruby-1.8.0-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"ruby-devel-1.8.0-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"ruby-doc-1.8.0-4.2.92mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.2\", reference:\"ruby-tk-1.8.0-4.2.92mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:05:43", "description": " - Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> -\n 1.8.1-7.FC3.1\n\n - security fix [CVE-2004-0983]\n\n - security fix [CVE-2004-0755]\n\n - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of\n service issue. (#138366)\n\n - ruby-1.8.1-cgi_session_perms.patch: sets the\n permission of the session data file to 0600. (#130063)\n\n - Sat Oct 30 2004 Akira TAGOH <tagoh at redhat.com> -\n 1.8.1-7.fc3\n\n - added openssl-devel and db4-devel into BuildRequires.\n (#137479)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "published": "2004-11-17T00:00:00", "title": "Fedora Core 3 : ruby-1.8.1-7.FC3.1 (2004-403)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0983", "CVE-2004-0755"], "modified": "2004-11-17T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ruby-docs", "p-cpe:/a:fedoraproject:fedora:ruby-debuginfo", "p-cpe:/a:fedoraproject:fedora:ruby-tcltk", "cpe:/o:fedoraproject:fedora_core:3", "p-cpe:/a:fedoraproject:fedora:ruby-devel", "p-cpe:/a:fedoraproject:fedora:ruby-mode", "p-cpe:/a:fedoraproject:fedora:irb", "p-cpe:/a:fedoraproject:fedora:ruby-libs", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2004-403.NASL", "href": "https://www.tenable.com/plugins/nessus/15731", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2004-403.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15731);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2004-403\");\n\n script_name(english:\"Fedora Core 3 : ruby-1.8.1-7.FC3.1 (2004-403)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> -\n 1.8.1-7.FC3.1\n\n - security fix [CVE-2004-0983]\n\n - security fix [CVE-2004-0755]\n\n - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of\n service issue. (#138366)\n\n - ruby-1.8.1-cgi_session_perms.patch: sets the\n permission of the session data file to 0600. (#130063)\n\n - Sat Oct 30 2004 Akira TAGOH <tagoh at redhat.com> -\n 1.8.1-7.fc3\n\n - added openssl-devel and db4-devel into BuildRequires.\n (#137479)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2004-November/000386.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?16bfbe30\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/11/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"irb-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-debuginfo-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-devel-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-docs-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-libs-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-mode-1.8.1-7.FC3.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"ruby-tcltk-1.8.1-7.FC3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-libs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
