Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.DEBIAN_DSA-537.NASL
HistorySep 29, 2004 - 12:00 a.m.

Debian DSA-537-1 : ruby - insecure file permissions

2004-09-2900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
8

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Andres Salomon noticed a problem in the CGI session management of Ruby, an object-oriented scripting language. CGI::Session’s FileStore (and presumably PStore, but not in Debian woody) implementations store session information insecurely. They simply create files, ignoring permission issues. This can lead an attacker who has also shell access to the webserver to take over a session.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-537. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(15374);
  script_version("1.23");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2004-0755");
  script_xref(name:"DSA", value:"537");

  script_name(english:"Debian DSA-537-1 : ruby - insecure file permissions");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Andres Salomon noticed a problem in the CGI session management of
Ruby, an object-oriented scripting language. CGI::Session's FileStore
(and presumably PStore, but not in Debian woody) implementations store
session information insecurely. They simply create files, ignoring
permission issues. This can lead an attacker who has also shell access
to the webserver to take over a session."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=260779"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2004/dsa-537"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the libruby package.

For the stable distribution (woody) this problem has been fixed in
version 1.6.7-3woody3.

For the unstable and testing distributions (sid and sarge) this
problem has been fixed in version 1.8.1+1.8.2pre1-4."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/08/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
  script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"irb", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libcurses-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libdbm-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libgdbm-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libnkf-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libpty-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libreadline-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libsdbm-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libsyslog-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libtcltk-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"libtk-ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"ruby", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"ruby-dev", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"ruby-elisp", reference:"1.6.7-3woody3")) flag++;
if (deb_check(release:"3.0", prefix:"ruby-examples", reference:"1.6.7-3woody3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxrubyp-cpe:/a:debian:debian_linux:ruby
debiandebian_linux3.0cpe:/o:debian:debian_linux:3.0

Related

nvd 1
debian 2
openvas 6
nessus 6
securityvulns 1
gentoo 1
osv 1
cvelist 1
redhat 1
cve 1
ubuntucve 1
freebsd 1
nvd
nvd
CVE-2004-0755
2004-10-20 04:00:00
debian
debian
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49
[SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management
2004-08-16 04:12:49
openvas
openvas
Gentoo Security Advisory GLSA 200409-08 (dev-lang/ruby)
2008-09-24 00:00:00
FreeBSD Ports: ruby
2008-09-04 00:00:00
Debian Security Advisory DSA 537-1 (ruby)
2008-01-17 00:00:00
nessus
nessus
RHEL 2.1 / 3 : ruby (RHSA-2004:441)
2004-10-02 00:00:00
FreeBSD : Ruby insecure file permissions in the CGI session management (e811aaf1-f015-11d8-876f-00902714cc7c)
2004-08-17 00:00:00
GLSA-200409-08 : Ruby: CGI::Session creates files insecurely
2004-09-04 00:00:00
securityvulns
securityvulns
[ GLSA 200409-08 ] Ruby: CGI::Session creates files insecurely
2004-09-06 00:00:00
gentoo
gentoo
Ruby: CGI::Session creates files insecurely
2004-09-03 00:00:00
osv
osv
ruby - insecure file permissions
2004-08-16 00:00:00
cvelist
cvelist
CVE-2004-0755
2004-08-19 04:00:00
redhat
redhat
(RHSA-2004:441) ruby security update
2004-09-30 00:00:00
cve
cve
CVE-2004-0755
2004-10-20 04:00:00
ubuntucve
ubuntucve
CVE-2004-0755
2004-10-20 00:00:00
freebsd
freebsd
Ruby insecure file permissions in the CGI session management
2004-08-16 00:00:00

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for DEBIAN_DSA-537.NASL
nvd1debian2openvas6nessus6securityvulns1gentoo1osv1cvelist1redhat1cve1ubuntucve1freebsd1