Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-1292.NASL
HistoryJan 30, 2023 - 12:00 a.m.

EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2023-1292)

2023-01-3000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
JSON

According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. (CVE-2021-31799)

  • An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port.
    This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). (CVE-2021-31810)

  • An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the- middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a ‘StartTLS stripping attack.’ (CVE-2021-32066)

  • CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. (CVE-2021-41819)

  • There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. (CVE-2022-28739)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(170790);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");

  script_cve_id(
    "CVE-2021-31799",
    "CVE-2021-31810",
    "CVE-2021-32066",
    "CVE-2021-41819",
    "CVE-2022-28739"
  );

  script_name(english:"EulerOS Virtualization 3.0.2.2 : ruby (EulerOS-SA-2023-1292)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute
    arbitrary code via | and tags in a filename. (CVE-2021-31799)

  - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP
    server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port.
    This potentially makes curl extract information about services that are otherwise private and not
    disclosed (e.g., the attacker can conduct port scans and service banner extractions). (CVE-2021-31810)

  - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does
    not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-
    middle attackers to bypass the TLS protections by leveraging a network position between the client and the
    registry to block the StartTLS command, aka a 'StartTLS stripping attack.' (CVE-2021-32066)

  - CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects
    the CGI gem through 0.3.0 for Ruby. (CVE-2021-41819)

  - There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before
    3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. (CVE-2022-28739)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1292
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?33202f05");
  script_set_attribute(attribute:"solution", value:
"Update the affected ruby packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-32066");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28739");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/01/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "ruby-2.0.0.648-33.h36.eulerosv2r7",
  "ruby-irb-2.0.0.648-33.h36.eulerosv2r7",
  "ruby-libs-2.0.0.648-33.h36.eulerosv2r7",
  "rubygem-bigdecimal-1.2.0-33.h36.eulerosv2r7",
  "rubygem-io-console-0.4.2-33.h36.eulerosv2r7",
  "rubygem-json-1.7.7-33.h36.eulerosv2r7",
  "rubygem-psych-2.0.0-33.h36.eulerosv2r7",
  "rubygem-rdoc-4.0.0-33.h36.eulerosv2r7",
  "rubygems-2.0.14.1-33.h36.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
}
VendorProductVersionCPE
huaweieulerosrubyp-cpe:/a:huawei:euleros:ruby
huaweieulerosruby-irbp-cpe:/a:huawei:euleros:ruby-irb
huaweieulerosruby-libsp-cpe:/a:huawei:euleros:ruby-libs
huaweieulerosrubygem-bigdecimalp-cpe:/a:huawei:euleros:rubygem-bigdecimal
huaweieulerosrubygem-io-consolep-cpe:/a:huawei:euleros:rubygem-io-console
huaweieulerosrubygem-jsonp-cpe:/a:huawei:euleros:rubygem-json
huaweieulerosrubygem-psychp-cpe:/a:huawei:euleros:rubygem-psych
huaweieulerosrubygem-rdocp-cpe:/a:huawei:euleros:rubygem-rdoc
huaweieulerosrubygemsp-cpe:/a:huawei:euleros:rubygems
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.2

Related

oraclelinux 8
suse 4
nessus 88
cloudfoundry 1
rocky 6
osv 23
redhat 12
debian 2
ubuntu 1
archlinux 3
freebsd 2
almalinux 5
fedora 3
mageia 1
gentoo 1
cnvd 2
debiancve 4
prion 3
photon 2
ubuntucve 4
veracode 4
cve 5
redhatcve 3
alpinelinux 4
cbl_mariner 4
hackerone 1
github 1
amazon 2
oraclelinux
oraclelinux
ruby:2.5 security update
2022-02-28 00:00:00
ruby:2.5 security update
2022-03-08 00:00:00
ruby:2.6 security update
2022-02-16 00:00:00
suse
suse
Security update for ruby2.5 (important)
2021-12-01 00:00:00
Security update for ruby2.5 (important)
2022-05-03 00:00:00
Security update for ruby2.5 (important)
2021-12-06 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Ruby vulnerabilities (USN-5020-1)
2021-07-22 00:00:00
EulerOS 2.0 SP9 : ruby (EulerOS-SA-2021-2696)
2021-11-11 00:00:00
FreeBSD : Ruby -- multiple vulnerabilities (7ed5779c-e4c7-11eb-91d7-08002728f74c)
2021-07-16 00:00:00
cloudfoundry
cloudfoundry
USN-5020-1: Ruby vulnerabilities | Cloud Foundry
2021-09-07 00:00:00
rocky
rocky
ruby:2.5 security update
2022-02-24 15:11:44
ruby:2.6 security update
2022-02-16 08:26:13
ruby:2.7 security update
2021-08-05 14:06:16
osv
osv
ruby2.3 - security update
2021-10-11 00:00:00
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Moderate: ruby:2.5 security update
2022-02-24 15:11:44
redhat
redhat
(RHSA-2022:0672) Moderate: ruby:2.5 security update
2022-02-24 15:11:44
(RHSA-2022:0543) Important: ruby:2.6 security update
2022-02-16 08:26:13
(RHSA-2022:0708) Important: rh-ruby26-ruby security, bug fix, and enhancement update
2022-02-28 18:41:38
debian
debian
[SECURITY] [DLA 2780-1] ruby2.3 security update
2021-10-13 14:12:23
[SECURITY] [DSA 5066-1] ruby2.5 security update
2022-02-03 19:26:40
ubuntu
ubuntu
Ruby vulnerabilities
2021-07-21 00:00:00
archlinux
archlinux
[ASA-202107-25] ruby2.6: multiple issues
2021-07-14 00:00:00
[ASA-202107-23] ruby: multiple issues
2021-07-14 00:00:00
[ASA-202107-24] ruby2.7: multiple issues
2021-07-14 00:00:00
freebsd
freebsd
Ruby -- multiple vulnerabilities
2021-07-07 00:00:00
rubygem-cgi -- cookie prefix spoofing in CGI::Cookie.parse
2021-11-24 00:00:00
almalinux
almalinux
Moderate: ruby:2.5 security update
2022-02-24 00:00:00
Important: ruby:2.7 security update
2021-08-05 14:06:16
Important: ruby:2.6 security update
2022-02-16 08:26:13
fedora
fedora
[SECURITY] Fedora 34 Update: ruby-3.0.2-149.fc34
2021-07-29 01:09:21
[SECURITY] Fedora 34 Update: ruby-3.0.4-153.fc34
2022-05-08 02:03:44
[SECURITY] Fedora 35 Update: ruby-3.0.4-153.fc35
2022-05-08 01:48:39
mageia
mageia
Updated ruby packages fix security vulnerability
2021-12-24 00:01:45
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
cnvd
cnvd
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
2021-07-12 00:00:00
Ruby has unspecified vulnerabilities (CNVD-2022-06510)
2021-11-29 00:00:00
debiancve
debiancve
CVE-2021-31810
2021-07-13 13:15:00
CVE-2021-32066
2021-08-01 19:15:00
CVE-2021-41819
2022-01-01 06:15:00
prion
prion
Code injection
2022-01-01 06:15:00
Code injection
2021-08-01 19:15:00
Code injection
2021-07-13 13:15:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0084
2021-08-20 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0096
2021-09-07 00:00:00
ubuntucve
ubuntucve
CVE-2021-32066
2021-07-15 00:00:00
CVE-2021-31810
2021-07-13 00:00:00
CVE-2022-28739
2022-05-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-11 16:10:12
Denial Of Service (DoS)
2021-07-11 15:57:38
Man In The Middle (MitM)
2021-07-10 14:45:44
cve
cve
CVE-2021-31810
2021-07-13 13:15:00
CVE-2021-32066
2021-08-01 19:15:00
CVE-2021-41819
2022-01-01 06:15:00
redhatcve
redhatcve
CVE-2021-31810
2021-07-07 21:53:02
CVE-2021-41819
2021-11-25 19:11:16
CVE-2022-28739
2022-04-20 05:24:54
alpinelinux
alpinelinux
CVE-2021-32066
2021-08-01 19:15:00
CVE-2022-28739
2022-05-09 18:15:00
CVE-2021-31810
2021-07-13 13:15:00
cbl_mariner
cbl_mariner
CVE-2022-28739 affecting package ruby 2.6.9-1
2022-06-15 17:03:10
CVE-2021-41819 affecting package ruby 2.7.4-6
2022-04-26 20:17:12
CVE-2021-32066 affecting package ruby 2.7.2-4
2022-04-09 06:51:53
hackerone
hackerone
Ruby: OS Command Injection in 'rdoc' documentation generator
2021-04-12 16:47:15
github
github
Arbitrary Code Execution in Rdoc
2021-09-01 18:53:15
amazon
amazon
Medium: ruby20
2022-10-03 19:29:00
Medium: ruby
2022-09-30 07:04:00
JSON
Related for EULEROS_SA-2023-1292.NASL
oraclelinux8suse4nessus88cloudfoundry1rocky6osv23redhat12debian2ubuntu1archlinux3freebsd2almalinux5fedora3mageia1gentoo1cnvd2debiancve4prion3photon2ubuntucve4veracode4cve5redhatcve3alpinelinux4cbl_mariner4hackerone1github1amazon2