Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2022-6447.NASL
HistoryOct 08, 2022 - 12:00 a.m.

AlmaLinux 8 : ruby:2.7 (ALSA-2022:6447)

2022-10-0800:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
JSON

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6447 advisory.

  • Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. (CVE-2021-41817)

  • CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. (CVE-2021-41819)

  • There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. (CVE-2022-28739)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2022:6447.
##

include('compat.inc');

if (description)
{
  script_id(165791);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/10");

  script_cve_id("CVE-2021-41817", "CVE-2021-41819", "CVE-2022-28739");
  script_xref(name:"ALSA", value:"2022:6447");

  script_name(english:"AlmaLinux 8 : ruby:2.7 (ALSA-2022:6447)");

  script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2022:6447 advisory.

  - Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via
    a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. (CVE-2021-41817)

  - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects
    the CGI gem through 0.3.0 for Ruby. (CVE-2021-41819)

  - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before
    3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. (CVE-2022-28739)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/8/ALSA-2022-6447.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41819");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28739");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby-default-gems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-bson");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-bundler");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-minitest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-mysql2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-net-telnet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-openssl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-pg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-power_assert");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-rake");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-test-unit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygem-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:rubygems-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:8");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alma Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/AlmaLinux/release');
if (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);

if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);

var module_ver = get_kb_item('Host/AlmaLinux/appstream/ruby');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.7');
if ('2.7' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module ruby:' + module_ver);

var appstreams = {
    'ruby:2.7': [
      {'reference':'ruby-default-gems-2.7.6-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'ruby-doc-2.7.6-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-bundler-2.2.24-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-irb-1.2.6-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-minitest-5.13.0-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-net-telnet-0.2.0-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-power_assert-1.1.7-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-rake-13.0.1-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-rdoc-6.2.1.1-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-test-unit-3.3.4-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygem-xmlrpc-0.3.0-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygems-3.1.6-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'rubygems-devel-3.1.6-138.module_el8.6.0+3263+904da987', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
    ]
};

var flag = 0;
var appstreams_found = 0;
foreach module (keys(appstreams)) {
  var appstream = NULL;
  var appstream_name = NULL;
  var appstream_version = NULL;
  var appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach package_array ( appstreams[module] ) {
      var reference = NULL;
      var release = NULL;
      var sp = NULL;
      var cpu = NULL;
      var el_string = NULL;
      var rpm_spec_vers_cmp = NULL;
      var epoch = NULL;
      var allowmaj = NULL;
      var exists_check = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
      if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
      if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module ruby:2.7');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby-default-gems / ruby-doc / rubygem-bundler / rubygem-irb / etc');
}
VendorProductVersionCPE
almalinuxrubyp-cpe:/a:alma:linux:ruby
almalinuxruby-default-gemsp-cpe:/a:alma:linux:ruby-default-gems
almalinuxruby-develp-cpe:/a:alma:linux:ruby-devel
almalinuxruby-docp-cpe:/a:alma:linux:ruby-doc
almalinuxruby-libsp-cpe:/a:alma:linux:ruby-libs
almalinuxrubygem-bigdecimalp-cpe:/a:alma:linux:rubygem-bigdecimal
almalinuxrubygem-bsonp-cpe:/a:alma:linux:rubygem-bson
almalinuxrubygem-bundlerp-cpe:/a:alma:linux:rubygem-bundler
almalinuxrubygem-io-consolep-cpe:/a:alma:linux:rubygem-io-console
almalinuxrubygem-irbp-cpe:/a:alma:linux:rubygem-irb
Rows per page:
1-10 of 251

Related

nessus 79
almalinux 6
osv 27
redhat 13
oraclelinux 8
rocky 6
debian 4
fedora 3
ubuntu 3
cloudfoundry 2
prion 3
f5 1
ubuntucve 3
alpinelinux 3
hackerone 2
redhatcve 3
debiancve 3
photon 3
suse 2
cbl_mariner 3
github 2
amazon 4
veracode 3
freebsd 3
cve 3
cnvd 1
gentoo 1
rubygems 1
redos 1
slackware 1
mageia 2
nessus
nessus
Oracle Linux 8 : ruby:2.7 (ELSA-2022-6447)
2022-09-15 00:00:00
RHEL 8 : ruby:2.7 (RHSA-2022:6447)
2022-09-13 00:00:00
EulerOS Virtualization 3.0.6.0 : ruby (EulerOS-SA-2022-2588)
2022-10-10 00:00:00
almalinux
almalinux
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:2.5 security update
2022-08-01 00:00:00
osv
osv
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 00:00:00
Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
Moderate: ruby:3.0 security, bug fix, and enhancement update
2022-09-13 07:36:53
redhat
redhat
(RHSA-2022:6447) Moderate: ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
(RHSA-2022:6856) Moderate: rh-ruby27-ruby security, bug fix, and enhancement update
2022-10-11 07:10:36
(RHSA-2022:5779) Moderate: ruby:2.5 security update
2022-08-01 09:05:09
oraclelinux
oraclelinux
ruby:2.7 security, bug fix, and enhancement update
2022-09-15 00:00:00
ruby:2.5 security update
2022-08-03 00:00:00
ruby:3.0 security, bug fix, and enhancement update
2022-09-15 00:00:00
rocky
rocky
ruby:2.7 security, bug fix, and enhancement update
2022-09-13 07:36:49
ruby:3.0 security, bug fix, and enhancement update
2022-09-13 07:36:53
ruby:2.5 security update
2022-08-01 09:05:09
debian
debian
[SECURITY] [DLA 2853-1] ruby2.3 security update
2021-12-28 10:36:26
[SECURITY] [DSA 5067-1] ruby2.7 security update
2022-02-03 19:30:34
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
fedora
fedora
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
[SECURITY] Fedora 36 Update: ruby-3.1.2-164.fc36
2022-05-07 05:07:39
ubuntu
ubuntu
Ruby vulnerabilities
2022-01-18 00:00:00
Ruby vulnerability
2022-06-06 00:00:00
Ruby vulnerabilities
2022-06-06 00:00:00
cloudfoundry
cloudfoundry
USN-5235-1: Ruby vulnerabilities | Cloud Foundry
2022-03-09 00:00:00
USN-5462-1: Ruby vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
prion
prion
Code injection
2022-01-01 06:15:00
Design/Logic Flaw
2022-05-09 18:15:00
Design/Logic Flaw
2022-01-01 05:15:00
f5
f5
K30272432 : RubyGems vulnerability CVE-2021-41817
2022-06-01 00:00:00
ubuntucve
ubuntucve
CVE-2021-41817
2022-01-01 00:00:00
CVE-2022-28739
2022-05-09 00:00:00
CVE-2021-41819
2022-01-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-41817
2022-01-01 05:15:00
CVE-2022-28739
2022-05-09 18:15:00
CVE-2021-41819
2022-01-01 06:15:00
hackerone
hackerone
Internet Bug Bounty: Ruby - Regular Expression Denial of Service Vulnerability of Date Parsing Methods
2021-11-19 00:37:38
Internet Bug Bounty: Ruby CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse
2022-01-30 07:31:32
redhatcve
redhatcve
CVE-2021-41817
2021-11-19 21:23:19
CVE-2021-41819
2021-11-25 19:11:16
CVE-2022-28739
2022-04-20 05:24:54
debiancve
debiancve
CVE-2021-41817
2022-01-01 05:15:00
CVE-2021-41819
2022-01-01 06:15:00
CVE-2022-28739
2022-05-09 18:15:00
photon
photon
Important Photon OS Security Update - PHSA-2024-4.0-0562
2024-02-08 00:00:00
Critical Photon OS Security Update - PHSA-2022-0199
2022-06-17 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0447
2022-09-07 00:00:00
suse
suse
Security update for ruby2.5 (important)
2022-05-03 00:00:00
Security update for ruby2.5 (moderate)
2022-09-16 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
CVE-2021-41817 affecting package ruby 2.7.4-6
2022-04-26 20:17:12
CVE-2021-41819 affecting package ruby 2.7.4-6
2022-04-26 20:17:12
github
github
Regular expression denial of service vulnerability (ReDoS) in date
2021-11-16 00:32:30
Cookie Prefix Spoofing in CGI::Cookie.parse
2022-01-21 23:22:17
amazon
amazon
Medium: ruby20
2022-10-03 19:29:00
Medium: ruby
2023-11-09 19:19:00
Medium: ruby
2022-09-30 07:04:00
veracode
veracode
Denial Of Service (DoS)
2021-11-25 17:08:14
Regular Expression Denial Of Service (ReDoS)
2021-11-17 06:57:56
Buffer Overflow
2022-04-13 07:35:02
freebsd
freebsd
Ruby -- Buffer overrun in String-to-Float conversion
2022-04-12 00:00:00
rubygem-date -- Regular Expression Denial of Service Vunlerability of Date Parsing Methods
2021-11-15 00:00:00
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-24 00:00:00
cve
cve
CVE-2021-41817
2022-01-01 05:15:00
CVE-2021-41819
2022-01-01 06:15:00
CVE-2022-28739
2022-05-09 18:15:00
cnvd
cnvd
Ruby has unspecified vulnerabilities (CNVD-2022-06510)
2021-11-29 00:00:00
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
rubygems
rubygems
Buffer overrun in String-to-Float conversion
2022-04-11 21:00:00
redos
redos
ROS-20220516-06
2022-05-16 00:00:00
slackware
slackware
[slackware-security] ruby
2022-04-13 20:52:10
mageia
mageia
Updated ruby packages fix security vulnerability
2022-04-16 00:35:09
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
JSON
Related for ALMA_LINUX_ALSA-2022-6447.NASL
nessus79almalinux6osv27redhat13oraclelinux8rocky6debian4fedora3ubuntu3cloudfoundry2prion3f51ubuntucve3alpinelinux3hackerone2redhatcve3debiancve3photon3suse2cbl_mariner3github2amazon4veracode3freebsd3cve3cnvd1gentoo1rubygems1redos1slackware1mageia2