Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.ALA_ALAS-2015-549.NASL
HistoryJun 18, 2015 - 12:00 a.m.

Amazon Linux AMI : ruby22 (ALAS-2015-549)

2015-06-1800:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
11
JSON

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against.
This mechanism is implemented via DNS, specificly a SRV record
_rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. (CVE-2015-3900)

As discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900 , which allowed redirection to an arbitrary gem server in any security domain.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-549.
#

include("compat.inc");

if (description)
{
  script_id(84250);
  script_version("2.3");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2015-3900", "CVE-2015-4020");
  script_xref(name:"ALAS", value:"2015-549");

  script_name(english:"Amazon Linux AMI : ruby22 (ALAS-2015-549)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"RubyGems provides the ability of a domain to direct clients to a
separate host that is used to fetch gems and make API calls against.
This mechanism is implemented via DNS, specificly a SRV record
_rubygems._tcp under the original requested domain. RubyGems did not
validate the hostname returned in the SRV record before sending
requests to it. (CVE-2015-3900)

As discussed upstream, CVE-2015-4020 is due to an incomplete fix for
CVE-2015-3900 , which allowed redirection to an arbitrary gem server
in any security domain."
  );
  # https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3dfa3e8c"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-549.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update ruby22' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems22");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems22-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"ruby22-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-debuginfo-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-devel-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-doc-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-irb-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-libs-2.2.2-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-bigdecimal-1.2.6-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-io-console-0.4.3-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-psych-2.0.8-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems22-2.4.5-1.6.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems22-devel-2.4.5-1.6.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby22 / ruby22-debuginfo / ruby22-devel / ruby22-doc / ruby22-irb / etc");
}
VendorProductVersionCPE
amazonlinuxruby22p-cpe:/a:amazon:linux:ruby22
amazonlinuxruby22-debuginfop-cpe:/a:amazon:linux:ruby22-debuginfo
amazonlinuxruby22-develp-cpe:/a:amazon:linux:ruby22-devel
amazonlinuxruby22-docp-cpe:/a:amazon:linux:ruby22-doc
amazonlinuxruby22-irbp-cpe:/a:amazon:linux:ruby22-irb
amazonlinuxruby22-libsp-cpe:/a:amazon:linux:ruby22-libs
amazonlinuxrubygem22-bigdecimalp-cpe:/a:amazon:linux:rubygem22-bigdecimal
amazonlinuxrubygem22-io-consolep-cpe:/a:amazon:linux:rubygem22-io-console
amazonlinuxrubygem22-psychp-cpe:/a:amazon:linux:rubygem22-psych
amazonlinuxrubygems22p-cpe:/a:amazon:linux:rubygems22
Rows per page:
1-10 of 121

Related

amazon 3
nessus 11
debiancve 2
ubuntucve 2
openvas 10
cve 2
github 2
prion 2
osv 2
hackerone 2
fedora 3
veracode 1
threatpost 1
redhat 1
mageia 1
freebsd 1
rubygems 2
suse 2
amazon
amazon
Medium: ruby21
2015-06-16 10:30:00
Medium: ruby22
2015-06-16 10:30:00
Medium: ruby20
2015-06-16 10:30:00
nessus
nessus
Amazon Linux AMI : ruby21 (ALAS-2015-548)
2015-06-18 00:00:00
Amazon Linux AMI : ruby20 (ALAS-2015-547)
2015-06-18 00:00:00
Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities
2015-07-23 00:00:00
debiancve
debiancve
CVE-2015-4020
2015-08-25 17:59:00
CVE-2015-3900
2015-06-24 14:59:00
ubuntucve
ubuntucve
CVE-2015-4020
2015-08-25 00:00:00
CVE-2015-3900
2015-06-24 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2015-548)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-549)
2015-09-08 00:00:00
Amazon Linux: Security Advisory (ALAS-2015-547)
2015-09-08 00:00:00
cve
cve
CVE-2015-4020
2015-08-25 17:59:00
CVE-2015-3900
2015-06-24 14:59:00
github
github
RubyGems Improper Input Validation vulnerability
2022-05-17 00:16:50
RubyGems vulnerable to DNS hijack attack
2022-05-14 01:08:49
prion
prion
Design/Logic Flaw
2015-08-25 17:59:00
Design/Logic Flaw
2015-06-24 14:59:00
osv
osv
RubyGems Improper Input Validation vulnerability
2022-05-17 00:16:50
RubyGems vulnerable to DNS hijack attack
2022-05-14 01:08:49
hackerone
hackerone
RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier
2017-04-02 17:31:05
RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier
2015-05-06 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: rubygems-2.4.8-100.fc22
2015-08-11 02:06:59
[SECURITY] Fedora 21 Update: rubygems-2.2.5-100.fc21
2015-08-19 08:17:15
[SECURITY] Fedora 23 Update: rubygems-2.4.8-100.fc23
2015-08-10 10:06:28
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:07:12
threatpost
threatpost
RubyGems Patches Serious Redirection Vulnerability
2015-06-23 09:55:51
redhat
redhat
(RHSA-2015:1657) Important: rh-ruby22-ruby security update
2015-08-24 00:00:00
mageia
mageia
Updated ruby-RubyGems packages fix security vulnerabilities
2015-09-08 20:55:59
freebsd
freebsd
rubygems -- request hijacking vulnerability
2015-05-14 00:00:00
rubygems
rubygems
CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()
2015-05-13 21:00:00
RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking
2015-06-07 21:00:00
suse
suse
Security update for ruby2.1 (important)
2017-04-28 18:11:28
Security update for ruby2.1 (important)
2017-04-20 12:08:57
JSON
Related for ALA_ALAS-2015-549.NASL
amazon3nessus11debiancve2ubuntucve2openvas10cve2github2prion2osv2hackerone2fedora3veracode1threatpost1redhat1mageia1freebsd1rubygems2suse2