Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-5530.NASL
HistoryOct 22, 2023 - 12:00 a.m.

Debian DSA-5530-1 : ruby-rack - security update

2023-10-2200:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
debian
ruby
rack
security
update
vulnerability
denial of service
cve-2022-30122
cve-2022-30123
cve-2022-44570
cve-2022-44571
cve-2022-44572
cve-2023-27530
cve-2023-27539
JSON

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5530 advisory.

  • A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack. (CVE-2022-30122)

  • A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack. (CVE-2022-30123)

  • A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

  • There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content- Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. (CVE-2022-44571)

  • A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. (CVE-2022-44572)

  • A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. (CVE-2023-27530)

  • The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dsa-5530. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(183679);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/22");

  script_cve_id(
    "CVE-2022-30122",
    "CVE-2022-30123",
    "CVE-2022-44570",
    "CVE-2022-44571",
    "CVE-2022-44572",
    "CVE-2023-27530",
    "CVE-2023-27539"
  );

  script_name(english:"Debian DSA-5530-1 : ruby-rack - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the
dsa-5530 advisory.

  - A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart
    parsing component of Rack. (CVE-2022-30122)

  - A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a
    possible shell escape in the Lint and CommonLogger components of Rack. (CVE-2022-30123)

  - A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully
    crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time,
    possibly resulting in a denial of service attack vector. Any applications that deal with Range requests
    (such as streaming applications, or applications that serve files) may be impacted. (CVE-2022-44570)

  - There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in
    2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-
    Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial
    ofservice attack vector. This header is used typically used in multipartparsing. Any applications that
    parse multipart posts using Rack (virtuallyall Rails applications) are impacted. (CVE-2022-44571)

  - A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2,
    2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary
    parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack
    vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are
    impacted. (CVE-2022-44572)

  - A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart
    MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart
    parsing to take longer than expected. (CVE-2023-27530)

  - The Ruby on Rails advisory describes this vulnerability as follows: (CVE-2023-27539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029832");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/ruby-rack");
  script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2023/dsa-5530");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-30122");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-30123");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44570");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44571");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-44572");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-27530");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-27539");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/ruby-rack");
  script_set_attribute(attribute:"solution", value:
"Upgrade the ruby-rack packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-30123");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby-rack");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'ruby-rack', 'reference': '2.1.4-3+deb11u1'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby-rack');
}
VendorProductVersionCPE
debiandebian_linuxruby-rackp-cpe:/a:debian:debian_linux:ruby-rack
debiandebian_linux11.0cpe:/o:debian:debian_linux:11.0

References

Related

openvas 16
debian 5
osv 25
redos 3
mageia 3
freebsd 3
nessus 42
ubuntu 4
almalinux 2
amazon 2
redhat 12
oraclelinux 3
suse 1
gentoo 1
rocky 3
hackerone 7
veracode 7
prion 6
debiancve 7
redhatcve 7
github 7
cve 7
ubuntucve 7
rubygems 7
ibm 1
openvas
openvas
Debian: Security Advisory (DSA-5530-1)
2023-10-23 00:00:00
Mageia: Security Advisory (MGASA-2023-0106)
2023-03-28 00:00:00
Ubuntu: Security Advisory (USN-5910-1)
2023-03-03 00:00:00
debian
debian
[SECURITY] [DSA 5530-1] ruby-rack security update
2023-10-22 12:35:21
[SECURITY] [DLA 3095-1] ruby-rack security update
2022-09-03 20:52:47
[SECURITY] [DLA 3392-1] ruby-rack security update
2023-04-17 13:57:41
osv
osv
ruby-rack - security update
2023-10-22 00:00:00
ruby-rack vulnerabilities
2023-03-02 17:43:56
Moderate: pcs security and bug fix update
2023-05-18 19:18:23
redos
redos
ROS-20240403-12
2024-04-03 00:00:00
ROS-20220706-02
2022-07-06 00:00:00
ROS-20240404-10
2024-04-04 00:00:00
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2023-03-24 08:55:49
Updated ruby-rack packages fix security vulnerability
2022-07-05 22:11:26
Updated ruby-rack fixes a vulnerability and some bugs
2024-02-19 20:35:05
freebsd
freebsd
rack -- Multiple vulnerabilities
2023-01-17 00:00:00
rack -- possible denial of service vulnerability in header parsing
2023-03-13 00:00:00
rack -- possible DoS vulnerability in multipart MIME parsing
2023-03-03 00:00:00
nessus
nessus
FreeBSD : rack -- Multiple vulnerabilities (95176ba5-9796-11ed-bfbf-080027f5fec9)
2023-01-19 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : Rack vulnerabilities (USN-5910-1)
2023-03-04 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-rack (SUSE-SU-2023:0276-1)
2023-02-07 00:00:00
ubuntu
ubuntu
Rack vulnerabilities
2023-03-02 00:00:00
Rack vulnerabilities
2023-02-27 00:00:00
Rack vulnerabilities
2022-12-13 00:00:00
almalinux
almalinux
Moderate: pcs security and bug fix update
2023-05-16 00:00:00
Important: pcs security and bug fix update
2023-05-09 00:00:00
amazon
amazon
Important: pcs
2022-12-01 20:31:00
Medium: pcs
2023-04-27 18:36:00
redhat
redhat
(RHSA-2023:3403) Moderate: pcs security and bug fix update
2023-05-31 15:30:50
(RHSA-2023:1981) Moderate: pcs security and bug fix update
2023-04-25 09:58:19
(RHSA-2023:1961) Moderate: pcs security and bug fix update
2023-04-25 08:12:36
oraclelinux
oraclelinux
pcs security update
2023-05-29 00:00:00
pcs security update
2023-07-20 00:00:00
pcs security update
2022-11-03 00:00:00
suse
suse
Security update for rubygem-rack (critical)
2022-06-27 00:00:00
gentoo
gentoo
Rack: Multiple Vulnerabilities
2023-10-30 00:00:00
rocky
rocky
pcs security and bug fix update
2023-05-18 19:18:23
pcs security and bug fix update
2023-05-25 19:53:02
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
hackerone
hackerone
Internet Bug Bounty: [CVE-2022-44570] Possible Denial of Service Vulnerability in Rack’s Range header parsing
2023-06-04 07:06:53
Ruby on Rails: Escape Sequence Injection vulnerability in Rack
2021-11-29 12:44:26
Ruby on Rails: ReDoS in Rack::Multipart
2022-02-22 22:34:07
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-01-19 02:08:09
Regular Expression Denial Of Service (ReDoS)
2023-01-25 03:22:15
Regular Expression Denial Of Service (ReDoS)
2023-03-17 02:16:44
prion
prion
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
Denial of service
2023-02-09 20:15:00
debiancve
debiancve
CVE-2022-44571
2023-02-09 20:15:00
CVE-2022-30122
2022-12-05 22:15:00
CVE-2022-44570
2023-02-09 20:15:00
redhatcve
redhatcve
CVE-2022-30122
2022-06-21 08:00:04
CVE-2022-44572
2023-01-26 10:06:11
CVE-2022-44571
2023-01-26 10:01:14
github
github
Denial of service via multipart parsing in Rack
2023-01-18 18:19:21
Possible shell escape sequence injection vulnerability in Rack
2022-05-27 16:36:51
Denial of Service Vulnerability in Rack Multipart Parsing
2022-05-27 16:36:52
cve
cve
CVE-2022-44572
2023-02-09 20:15:00
CVE-2022-44570
2023-02-09 20:15:00
CVE-2022-44571
2023-02-09 20:15:00
ubuntucve
ubuntucve
CVE-2022-30122
2022-12-05 00:00:00
CVE-2022-44572
2023-02-09 00:00:00
CVE-2022-44570
2023-02-09 00:00:00
rubygems
rubygems
Denial of service via multipart parsing in Rack
2023-01-17 21:00:00
Denial of service via header parsing in Rack
2023-01-17 21:00:00
Possible DoS Vulnerability in Multipart MIME parsing
2023-03-02 21:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
2024-02-28 21:45:52
JSON
Related for DEBIAN_DSA-5530.NASL
openvas16debian5osv25redos3mageia3freebsd3nessus42ubuntu4almalinux2amazon2redhat12oraclelinux3suse1gentoo1rocky3hackerone7veracode7prion6debiancve7redhatcve7github7cve7ubuntucve7rubygems7ibm1