ID FEDORA_2009-10484.NASL Type nessus Reporter This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2009-10-15T00:00:00
Description
Fixes CVE-2009-3009 (cross-site scripting in the Ruby on Rails form helpers via malformed Unicode strings) - Downgrade to Rails 2.3.2 to avoid
update issues for existing applications
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2009-10484.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration pass: when 'description' is set, only plugin metadata is
# declared and the script leaves through exit(0) before any host check runs.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(42128);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  # Cross-references that let findings be correlated with the CVE, the
  # Bugtraq entry and the Fedora advisory.
  script_cve_id("CVE-2009-3009");
  script_bugtraq_id(36278);
  script_xref(name:"FEDORA", value:"2009-10484");

  script_name(english:"Fedora 11 : rubygem-actionmailer-2.3.2-3.fc11 / rubygem-actionpack-2.3.2-2.fc11 / etc (2009-10484)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing one or more security updates.");

  # Advisory text, kept verbatim.
  # NOTE(review): the fixed builds carry upstream version 2.3.2, so the fix is
  # presumably backported into the Fedora packages - confirm against the
  # advisory. Triage on the RPM release (e.g. -2.fc11), not on the gem
  # version alone.
  script_set_attribute(attribute:"description", value:
" - Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid
update issues for existing applications
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");

  # References. The nessus.org/u? links are shortened forms of the
  # package-announce URLs given in the comment above each call.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=520843");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030057.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?40f04b14");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030058.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8a6a9293");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030059.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02639cae");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030060.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?730621f3");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030061.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0207dcc7");
  # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030062.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?947f18bc");

  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Risk rating. Base vector: network-reachable, medium access complexity, no
  # authentication, partial integrity impact only. Temporal vector: exploit
  # unproven, official fix available, report confirmed.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-79: cross-site scripting.
  script_cwe_id(79);

  # 'local' plugin: the verdict comes from package data already collected from
  # the host, not from probing the web application.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected components (one CPE per package) and the platform.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activeresource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-rails");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2009/10/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Scheduling: ssh_get_info.nasl is declared as a dependency, and the three KB
  # keys below must exist before this plugin is run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Preconditions. Each audit() call records why the plugin does not apply and
# ends the run, so every later statement can rely on the earlier gates.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The release string must identify a Fedora system.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release)
  audit(AUDIT_OS_NOT, "Fedora");

# Pull the major release number out of the release string.
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];

# Only Fedora 11 is in scope; the trailing group stops "110" and similar
# values from matching.
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver))
  audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

# Without the collected RPM list no package comparison is possible.
if (!get_kb_item("Host/RedHat/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# The package checks are implemented for x86_64 and i386-i686 only.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
# Compare each installed package with the fixed build named in the advisory.
# A true result from rpm_check() is counted as one missing update.
# NOTE(review): the reference builds are a downgrade to 2.3.2; how rpm_check()
# treats a host that already runs a higher-versioned build is decided in
# rpm.inc - confirm there before relying on a "not affected" result.
flag = 0;
foreach fixed_pkg (make_list(
  "rubygem-actionmailer-2.3.2-3.fc11",
  "rubygem-actionpack-2.3.2-2.fc11",
  "rubygem-activerecord-2.3.2-2.fc11",
  "rubygem-activeresource-2.3.2-2.fc11",
  "rubygem-activesupport-2.3.2-2.fc11",
  "rubygem-rails-2.3.2-5.fc11"
))
{
  if (rpm_check(release:"FC11", reference:fixed_pkg)) flag++;
}

# At least one package is behind the fixed build: raise the finding, attaching
# the per-package report when report verbosity is above zero.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}

# Nothing flagged: separate "installed and up to date" from "not installed",
# so the audit trail shows why the host was cleared.
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionmailer / rubygem-actionpack / rubygem-activerecord / etc");
{"id": "FEDORA_2009-10484.NASL", "bulletinFamily": "scanner", "title": "Fedora 11 : rubygem-actionmailer-2.3.2-3.fc11 / rubygem-actionpack-2.3.2-2.fc11 / etc (2009-10484)", "description": " - Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid\n update issues for existing applications\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2009-10-15T00:00:00", "modified": "2009-10-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/42128", "reporter": "This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?730621f3", "http://www.nessus.org/u?8a6a9293", "http://www.nessus.org/u?0207dcc7", "http://www.nessus.org/u?02639cae", "https://bugzilla.redhat.com/show_bug.cgi?id=520843", "http://www.nessus.org/u?40f04b14", "http://www.nessus.org/u?947f18bc"], "cvelist": ["CVE-2009-3009"], "type": "nessus", "lastseen": "2021-01-12T10:06:52", "edition": 24, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3009"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10239", "SECURITYVULNS:DOC:22471"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1887-1:A9049"]}, {"type": "seebug", "idList": ["SSV:12235"]}, {"type": "github", "idList": ["GHSA-8QRH-H9M2-5FVF"]}, {"type": "nessus", "idList": ["FEDORA_2009-9799.NASL", "GENTOO_GLSA-200912-02.NASL", "MACOSX_SECUPD2010-002.NASL", "MACOSX_10_6_3.NASL", "FEDORA_2009-9922.NASL", "DEBIAN_DSA-1887.NASL", "SUSE_11_1_RUBYGEM-ACTIVESUPPORT-2_1-090917.NASL", "SUSE_11_1_RUBYGEM-ACTIONPACK-2_1-090917.NASL"]}, {"type": "fedora", "idList": ["FEDORA:9B98C10F88A", "FEDORA:ABDE110F87F", "FEDORA:9AE2710F875", "FEDORA:A0DD028EDC8", 
"FEDORA:9258610F884", "FEDORA:C02B310F88B", "FEDORA:8FC0910F86A", "FEDORA:0D0B610F884", "FEDORA:B804610F882", "FEDORA:BA70310F889"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231066042", "OPENVAS:136141256231064968", "OPENVAS:64968", "OPENVAS:136141256231064961", "OPENVAS:64919", "OPENVAS:136141256231064919", "OPENVAS:136141256231066564", "OPENVAS:66042", "OPENVAS:64961", "OPENVAS:1361412562310902090"]}, {"type": "gentoo", "idList": ["GLSA-200912-02"]}, {"type": "threatpost", "idList": ["THREATPOST:4F867C686B7E31697E158FBD04A5DD35"]}], "modified": "2021-01-12T10:06:52", "rev": 2}, "score": {"value": 7.8, "vector": "NONE", "modified": "2021-01-12T10:06:52", "rev": 2}, "vulnersScore": 7.8}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-10484.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42128);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3009\");\n script_bugtraq_id(36278);\n script_xref(name:\"FEDORA\", value:\"2009-10484\");\n\n script_name(english:\"Fedora 11 : rubygem-actionmailer-2.3.2-3.fc11 / rubygem-actionpack-2.3.2-2.fc11 / etc (2009-10484)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid\n update issues for existing applications\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=520843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030057.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?40f04b14\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8a6a9293\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030059.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?02639cae\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030060.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?730621f3\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030061.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0207dcc7\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-October/030062.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?947f18bc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activeresource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-actionmailer-2.3.2-3.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-actionpack-2.3.2-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-activerecord-2.3.2-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-activeresource-2.3.2-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-activesupport-2.3.2-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-rails-2.3.2-5.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionmailer / rubygem-actionpack / rubygem-activerecord / etc\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "42128", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:rubygem-activeresource", "p-cpe:/a:fedoraproject:fedora:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:11"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:54:16", "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.", "edition": 4, "cvss3": {}, "published": "2009-09-08T18:30:00", "title": "CVE-2009-3009", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3009"], "modified": "2019-08-08T14:43:00", "cpe": ["cpe:/a:rubyonrails:rails:2.0.2", "cpe:/a:rubyonrails:rails:2.1.2", "cpe:/a:rubyonrails:rails:2.2.2", "cpe:/a:rubyonrails:rails:2.3.3", "cpe:/a:rubyonrails:rails:2.1.0", "cpe:/a:rubyonrails:rails:2.2.0", "cpe:/a:rubyonrails:rails:2.0.0", "cpe:/a:rubyonrails:rails:2.1.1", "cpe:/a:rubyonrails:rails:2.0.4", "cpe:/a:rubyonrails:rails:2.0.1", "cpe:/a:rubyonrails:rails:2.3.2", "cpe:/a:rubyonrails:rails:2.2.1"], "id": "CVE-2009-3009", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3009", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:09:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3009"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2009-09-15T00:00:00", "published": "2009-09-15T00:00:00", "id": "SECURITYVULNS:VULN:10239", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10239", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:31", "bulletinFamily": "software", "cvelist": ["CVE-2009-3009"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1887-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nSeptember 15, 2009 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : rails\r\nVulnerability : missing input sanitising\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id : CVE-2009-3009\r\nDebian Bug : 545063\r\n\r\n\r\nBrian Mastenbrook discovered that rails, the MVC ruby based framework\r\ngeared for web application development, is prone to cross-site scripting\r\nattacks via malformed strings in the form helper.\r\n\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 2.1.0-7.\r\n\r\nFor the oldstable distribution (etch) security support has been\r\ndiscontinued. 
It has been reported that rails in oldstable is unusable\r\nand several features that are affected by security issues are broken due\r\nto programming issues. It is highly recommended to upgrade to the\r\nversion in stable (lenny).\r\n\r\nFor the testing distribution (squeeze) and the unstable distribution\r\n(sid), this problem has been fixed in version 2.2.3-1.\r\n\r\n\r\nWe recommend that you upgrade your rails packages.\r\n\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.diff.gz\r\n Size/MD5 checksum: 17520 866f4225a0496c3a2fbeae5da52b36a9\r\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.dsc\r\n Size/MD5 checksum: 1203 60d2bd20b3dae00c2675ed1d45ee99af\r\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0.orig.tar.gz\r\n Size/MD5 checksum: 1953333 edcc03e7177e1557653fcb92c90db0d1\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7_all.deb\r\n Size/MD5 checksum: 2374598 0a1648b6ff0105c4969f54f8c8bed8af\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- 
---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkqvxQUACgkQ62zWxYk/rQepTACeMylU2PMJePwDfaGAAGFLLP6s\r\nRz0AoLvIQHNfBsLVmXXG8xF9b5gsA+23\r\n=tRi9\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-09-15T00:00:00", "published": "2009-09-15T00:00:00", "id": "SECURITYVULNS:DOC:22471", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22471", "title": "[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-08-12T00:56:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1887-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nSeptember 15, 2009 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : missing input sanitising\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-3009\nDebian Bug : 545063\n\n\nBrian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site scripting\nattacks via malformed strings in the form helper.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.\n\nFor the oldstable distribution (etch) security support has been\ndiscontinued. 
It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken due\nto programming issues. It is highly recommended to upgrade to the\nversion in stable (lenny).\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.3-1.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nDebian (stable)\n- ---------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.diff.gz\n Size/MD5 checksum: 17520 866f4225a0496c3a2fbeae5da52b36a9\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7.dsc\n Size/MD5 checksum: 1203 60d2bd20b3dae00c2675ed1d45ee99af\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0.orig.tar.gz\n Size/MD5 checksum: 1953333 edcc03e7177e1557653fcb92c90db0d1\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/r/rails/rails_2.1.0-7_all.deb\n Size/MD5 checksum: 2374598 0a1648b6ff0105c4969f54f8c8bed8af\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 6, "modified": "2009-09-15T16:47:51", "published": "2009-09-15T16:47:51", "id": "DEBIAN:DSA-1887-1:A9049", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00208.html", "title": "[SECURITY] [DSA 1887-1] New rails packages fix cross-site scripting", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T18:40:06", "description": "BUGTRAQ ID: 36278\r\nCVE(CAN) ID: CVE-2009-3009\r\n\r\nRuby on Rails\u662f\u4e00\u4e2a\u65b0\u7684Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c\u6784\u5efa\u5728Ruby\u8bed\u8a00\u4e4b\u4e0a\u3002\r\n\r\nRuby on Rails\u7684\u8868\u5355\u5e2e\u52a9\u7a0b\u5e8f\u4e2d\u7684\u8f6c\u4e49\u4ee3\u7801\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u5176\u63d0\u4ea4\u6076\u610f\u7684Unicode\u5b57\u7b26\u4e32\u7ed5\u8fc7\u8f6c\u4e49\u68c0\u67e5\uff0c\u5728\u7528\u6237\u6d4f\u89c8\u5668\u4f1a\u8bdd\u4e2d\u6ce8\u5165\u5e76\u6267\u884c\u4efb\u610fHTML\u4ee3\u7801\u3002\n\nDavid Heinemeier Hansson Ruby on Rails 2.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nDavid Heinemeier Hansson\r\n------------------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://weblog.rubyonrails.org/assets/2009/9/4/2-0-CVE-2009-3009.patch\r\nhttp://weblog.rubyonrails.org/assets/2009/9/4/2-1-CVE-2009-3009.patch\r\nhttp://weblog.rubyonrails.org/assets/2009/9/4/2-2-CVE-2009-3009.patch\r\nhttp://weblog.rubyonrails.org/assets/2009/9/4/2-3-CVE-2009-3009.patch", "published": "2009-09-08T00:00:00", "title": "Ruby on 
Rails\u8868\u5355\u5e2e\u52a9\u7a0b\u5e8fUnicode\u5b57\u7b26\u4e32\u5904\u7406\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3009"], "modified": "2009-09-08T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12235", "id": "SSV:12235", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": ""}], "github": [{"lastseen": "2020-03-10T23:26:17", "bulletinFamily": "software", "cvelist": ["CVE-2009-3009"], "description": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.", "edition": 2, "modified": "2019-07-03T21:02:00", "published": "2017-10-24T18:33:38", "id": "GHSA-8QRH-H9M2-5FVF", "href": "https://github.com/advisories/GHSA-8qrh-h9m2-5fvf", "title": "Moderate severity vulnerability that affects rails", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:45:39", "description": "Brian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site\nscripting attacks via malformed strings in the form helper.", "edition": 26, "published": "2010-02-24T00:00:00", "title": "Debian DSA-1887-1 : rails - missing input sanitising", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "modified": "2010-02-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-1887.NASL", "href": "https://www.tenable.com/plugins/nessus/44752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1887. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44752);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-3009\");\n script_bugtraq_id(36278);\n script_xref(name:\"DSA\", value:\"1887\");\n\n script_name(english:\"Debian DSA-1887-1 : rails - missing input sanitising\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Brian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site\nscripting attacks via malformed strings in the form helper.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1887\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails packages.\n\nFor the oldstable distribution (etch) security support has been\ndiscontinued. It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken\ndue to programming issues. 
It is highly recommended to upgrade to the\nversion in stable (lenny).\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"rails\", reference:\"2.1.0-7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:40", "description": "A vulnerability is found on Ruby on Rails in the escaping code for the\nform helpers, which also affects the rpms shipped in Fedora Project.\nAttackers who can inject deliberately malformed unicode strings into\nthe form helpers can defeat the escaping checks and inject arbitrary\nHTML. This issue has been tagged as CVE-2009-3009. These new rpms will\nfix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-09-28T00:00:00", "title": "Fedora 11 : rubygem-actionpack-2.3.3-2.fc11 / rubygem-activesupport-2.3.3-2.fc11 (2009-9922)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "modified": "2009-09-28T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-9922.NASL", "href": "https://www.tenable.com/plugins/nessus/41634", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9922.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41634);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3009\");\n script_bugtraq_id(36278);\n script_xref(name:\"FEDORA\", value:\"2009-9922\");\n\n script_name(english:\"Fedora 11 : rubygem-actionpack-2.3.3-2.fc11 / rubygem-activesupport-2.3.3-2.fc11 (2009-9922)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability is found on Ruby on Rails in the escaping code for the\nform helpers, which also affects the rpms shipped in Fedora Project.\nAttackers who can inject deliberately malformed unicode strings into\nthe form helpers can defeat the escaping checks and inject arbitrary\nHTML. This issue has been tagged as CVE-2009-3009. 
These new rpms will\nfix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=520843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9f4961de\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029462.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21f861ae\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-actionpack-2.3.3-2.fc11\")) flag++;\nif (rpm_check(release:\"FC11\", reference:\"rubygem-activesupport-2.3.3-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:40", "description": "A vulnerability is found on Ruby on Rails in the escaping code for the\nform helpers, which also affects the rpms shipped in Fedora Project.\nAttackers who can inject deliberately malformed unicode strings into\nthe form helpers can defeat the 
escaping checks and inject arbitrary\nHTML. This issue has been tagged as CVE-2009-3009. These new rpms will\nfix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-09-25T00:00:00", "title": "Fedora 10 : rubygem-actionpack-2.1.1-3.fc10 / rubygem-activesupport-2.1.1-2.fc10 (2009-9799)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "modified": "2009-09-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"], "id": "FEDORA_2009-9799.NASL", "href": "https://www.tenable.com/plugins/nessus/41612", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-9799.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41612);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3009\");\n script_bugtraq_id(36278);\n script_xref(name:\"FEDORA\", value:\"2009-9799\");\n\n script_name(english:\"Fedora 10 : rubygem-actionpack-2.1.1-3.fc10 / rubygem-activesupport-2.1.1-2.fc10 (2009-9799)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability is found on Ruby on Rails in the escaping code for the\nform helpers, which also affects the rpms shipped in Fedora Project.\nAttackers who can inject 
deliberately malformed unicode strings into\nthe form helpers can defeat the escaping checks and inject arbitrary\nHTML. This issue has been tagged as CVE-2009-3009. These new rpms will\nfix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=520843\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029356.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d939c36a\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-September/029357.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4b854cfe\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected rubygem-actionpack and / or rubygem-activesupport\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/25\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"rubygem-actionpack-2.1.1-3.fc10\")) flag++;\nif (rpm_check(release:\"FC10\", reference:\"rubygem-activesupport-2.1.1-2.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-actionpack / rubygem-activesupport\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T05:52:56", "description": "This update improves the escaping in the helper code of Ruby on Rails\nto protect 
against XSS attacks (CVE-2009-3009) and an information leak\n(CVE-2009-3086).", "edition": 23, "published": "2009-10-22T00:00:00", "title": "openSUSE Security Update : rubygem-actionpack-2_1 (rubygem-actionpack-2_1-1320)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3086", "CVE-2009-3009"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:rubygem-actionpack-2_1"], "id": "SUSE_11_1_RUBYGEM-ACTIONPACK-2_1-090917.NASL", "href": "https://www.tenable.com/plugins/nessus/42204", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rubygem-actionpack-2_1-1320.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42204);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-3009\", \"CVE-2009-3086\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-2_1 (rubygem-actionpack-2_1-1320)\");\n script_summary(english:\"Check for the rubygem-actionpack-2_1-1320 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the escaping in the helper code of Ruby on Rails\nto protect against XSS attacks (CVE-2009-3009) and an information leak\n(CVE-2009-3086).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=535913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=538319\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-actionpack-2_1 package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"rubygem-actionpack-2_1-2.1.1-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby on 
rails\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T05:52:57", "description": "This update improves the escaping in the helper code of Ruby on Rails\nto protect against XSS attacks (CVE-2009-3009) and an information leak\n(CVE-2009-3086).", "edition": 23, "published": "2009-10-22T00:00:00", "title": "openSUSE Security Update : rubygem-activesupport-2_1 (rubygem-activesupport-2_1-1321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3086", "CVE-2009-3009"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:rubygem-activesupport-2_1"], "id": "SUSE_11_1_RUBYGEM-ACTIVESUPPORT-2_1-090917.NASL", "href": "https://www.tenable.com/plugins/nessus/42205", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update rubygem-activesupport-2_1-1321.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42205);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-3009\", \"CVE-2009-3086\");\n\n script_name(english:\"openSUSE Security Update : rubygem-activesupport-2_1 (rubygem-activesupport-2_1-1321)\");\n script_summary(english:\"Check for the rubygem-activesupport-2_1-1321 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update improves the escaping in the helper code of Ruby on Rails\nto protect against XSS attacks (CVE-2009-3009) and an information leak\n(CVE-2009-3086).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=535913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=538319\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-activesupport-2_1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rubygem-activesupport-2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"rubygem-activesupport-2_1-2.1.1-2.24.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n 
else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby on rails\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:52:35", "description": "The remote host is affected by the vulnerability described in GLSA-200912-02\n(Ruby on Rails: Multiple vulnerabilities)\n\n The following vulnerabilities were discovered:\n sameer\n reported that lib/action_controller/cgi_process.rb removes the\n :cookie_only attribute from the default session options\n (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA\n 200711-17).\n Tobias Schlottke reported that the :limit and\n :offset parameters of ActiveRecord::Base.find() are not properly\n sanitized before being processed (CVE-2008-4094).\n Steve from\n Coderrr reported that the CSRF protection in protect_from_forgery()\n does not parse the text/plain MIME format (CVE-2008-7248).\n Nate reported a documentation error that leads to the assumption\n that a block returning nil passed to\n authenticate_or_request_with_http_digest() would deny access to the\n requested resource (CVE-2009-2422).\n Brian Mastenbrook reported\n an input sanitization flaw, related to multibyte characters\n (CVE-2009-3009).\n Gabe da Silveira reported an input sanitization\n flaw in the strip_tags() function (CVE-2009-4214).\n Coda Hale\n reported an information disclosure vulnerability related to HMAC\n digests (CVE-2009-3086).\n \nImpact :\n\n A remote attacker could send specially crafted requests to a vulnerable\n application, possibly leading to the execution of arbitrary SQL\n statements or a circumvention of access control. 
A remote attacker\n could also conduct session fixation attacks to hijack a user's session\n or bypass the CSRF protection mechanism, or furthermore conduct\n Cross-Site Scripting attacks or forge a digest via multiple attempts.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 29, "published": "2009-12-22T00:00:00", "title": "GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2007-6077", "CVE-2009-4214", "CVE-2009-3086", "CVE-2009-3009", "CVE-2009-2422", "CVE-2008-4094", "CVE-2008-7248", "CVE-2007-5380"], "modified": "2009-12-22T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rails", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200912-02.NASL", "href": "https://www.tenable.com/plugins/nessus/43378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200912-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43378);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2007-5380\", \"CVE-2007-6077\", \"CVE-2008-4094\", \"CVE-2008-7248\", \"CVE-2009-2422\", \"CVE-2009-3009\", \"CVE-2009-3086\", \"CVE-2009-4214\");\n script_bugtraq_id(31176, 36278, 37142);\n script_xref(name:\"GLSA\", value:\"200912-02\");\n\n script_name(english:\"GLSA-200912-02 : Ruby on Rails: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200912-02\n(Ruby on Rails: Multiple vulnerabilities)\n\n The following vulnerabilities were discovered:\n sameer\n reported that lib/action_controller/cgi_process.rb removes the\n :cookie_only attribute from the default session options\n (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA\n 200711-17).\n Tobias Schlottke reported that the :limit and\n :offset parameters of ActiveRecord::Base.find() are not properly\n sanitized before being processed (CVE-2008-4094).\n Steve from\n Coderrr reported that the CRSF protection in protect_from_forgery()\n does not parse the text/plain MIME format (CVE-2008-7248).\n Nate reported a documentation error that leads to the assumption\n that a block returning nil passed to\n authenticate_or_request_with_http_digest() would deny access to the\n requested resource (CVE-2009-2422).\n Brian Mastenbrook reported\n an input sanitation flaw, related to multibyte characters\n (CVE-2009-3009).\n Gabe da Silveira reported an input sanitation\n flaw in the 
strip_tags() function (CVE-2009-4214).\n Coda Hale\n reported an information disclosure vulnerability related to HMAC\n digests (CVE-2009-3086).\n \nImpact :\n\n A remote attacker could send specially crafted requests to a vulnerable\n application, possibly leading to the execution of arbitrary SQL\n statements or a circumvention of access control. A remote attacker\n could also conduct session fixation attacks to hijack a user's session\n or bypass the CSRF protection mechanism, or furthermore conduct\n Cross-Site Scripting attacks or forge a digest via multiple attempts.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200711-17\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200912-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby on Rails 2.3.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.5'\n All Ruby on Rails 2.2.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '=dev-ruby/rails-2.2.3-r1'\n NOTE: All applications using Ruby on Rails should also be configured to\n use the latest version available by running 'rake rails:update' inside\n the application directory.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 79, 89, 200, 287, 362);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-ruby/rails\", unaffected:make_list(\"ge 2.3.5\", \"rge 2.2.3-r1\"), vulnerable:make_list(\"lt 2.2.2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby on Rails\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:25:23", "description": "The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password 
Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar", "edition": 26, "published": "2010-03-29T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-002)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0505", "CVE-2009-2906", "CVE-2008-0564", "CVE-2010-0041", "CVE-2009-3558", "CVE-2009-2417", "CVE-2008-0888", "CVE-2010-0498", "CVE-2010-0506", "CVE-2009-2632", "CVE-2008-5302", "CVE-2009-0033", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0522", "CVE-2008-5303", "CVE-2010-0504", "CVE-2009-2693", "CVE-2009-2042", "CVE-2010-0510", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2009-2801", "CVE-2010-0055", "CVE-2009-0688", "CVE-2010-0523", "CVE-2010-0497", "CVE-2010-0503", "CVE-2010-0056", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-0316", "CVE-2009-3009", "CVE-2009-4142", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2009-0037", "CVE-2010-0525", "CVE-2009-2901", "CVE-2008-4101", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0058", "CVE-2009-0783", "CVE-2009-4143", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2008-2712", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-002.NASL", "href": "https://www.tenable.com/plugins/nessus/45373", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45373);\n script_version(\"1.29\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-0564\",\n \"CVE-2008-0888\",\n \"CVE-2008-2712\",\n 
\"CVE-2008-4101\",\n \"CVE-2008-5302\",\n \"CVE-2008-5303\",\n \"CVE-2008-5515\",\n \"CVE-2009-0033\",\n \"CVE-2009-0037\",\n \"CVE-2009-0316\",\n \"CVE-2009-0580\",\n \"CVE-2009-0688\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2632\",\n \"CVE-2009-2693\",\n \"CVE-2009-2801\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4142\",\n \"CVE-2009-4143\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0055\",\n \"CVE-2010-0056\",\n \"CVE-2010-0057\",\n \"CVE-2010-0058\",\n \"CVE-2010-0063\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0503\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0506\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0513\",\n \"CVE-2010-0521\",\n \"CVE-2010-0522\",\n \"CVE-2010-0523\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0533\"\n );\n script_bugtraq_id(\n 6940,\n 12767,\n 17155,\n 27630,\n 28288,\n 29715,\n 30795,\n 33447,\n 33962,\n 34961,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 36032,\n 36278,\n 36296,\n 36377,\n 36554,\n 36555,\n 36573,\n 37142,\n 37389,\n 37390,\n 37942,\n 37944,\n 37945,\n 38524,\n 38676,\n 38677,\n 39151,\n 39156,\n 39157,\n 39169,\n 39170,\n 39171,\n 39172,\n 39175,\n 39194,\n 39231,\n 39232,\n 39234,\n 39245,\n 39252,\n 39255,\n 39256,\n 39264,\n 39268,\n 39273,\n 39274,\n 39277,\n 39279,\n 39281,\n 39289,\n 39290,\n 39292\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-002)\");\n script_summary(english:\"Check for the presence of Security Update 2010-002\");\n\n 
script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-002 applied.\n\nThis security update contains fixes for the following products :\n\n - AppKit\n - Application Firewall\n - AFP Server\n - Apache\n - ClamAV\n - CoreTypes\n - CUPS\n - curl\n - Cyrus IMAP\n - Cyrus SASL\n - Disk Images\n - Directory Services\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - Image RAW\n - Libsystem\n - Mail\n - Mailman\n - OS Services\n - Password Server\n - perl\n - PHP\n - PS Normalizer\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - unzip\n - vim\n - Wiki Server\n - X11\n - xar\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-002 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 79, 119, 189, 200, 264, 287, 310, 352, 
362);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(1, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(1, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[2-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-002 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:23:37", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n 
- CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11", "edition": 26, "published": "2010-03-29T00:00:00", "title": "Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0060", "CVE-2010-0517", "CVE-2010-0505", "CVE-2009-2906", "CVE-2010-0041", "CVE-2009-2446", "CVE-2009-3558", "CVE-2009-2417", "CVE-2010-0498", "CVE-2009-0033", "CVE-2008-4456", "CVE-2010-0515", "CVE-2010-0500", "CVE-2009-1904", "CVE-2010-0537", "CVE-2009-4030", "CVE-2010-0520", "CVE-2010-0504", "CVE-2010-0514", "CVE-2009-2693", "CVE-2010-0519", "CVE-2009-2042", "CVE-2010-0510", "CVE-2010-0511", "CVE-2009-0580", "CVE-2010-0512", "CVE-2009-0781", "CVE-2009-4214", "CVE-2008-5515", "CVE-2003-0063", "CVE-2010-0497", "CVE-2010-0533", "CVE-2010-0501", "CVE-2009-3009", "CVE-2010-0062", "CVE-2010-0507", "CVE-2010-0508", "CVE-2009-0689", "CVE-2010-0525", "CVE-2009-2901", "CVE-2010-0063", "CVE-2010-0065", "CVE-2010-0509", "CVE-2009-2422", "CVE-2009-3095", "CVE-2010-0059", "CVE-2009-4017", "CVE-2010-0535", "CVE-2009-0783", "CVE-2010-0043", "CVE-2010-0518", "CVE-2010-0526", "CVE-2010-0516", "CVE-2010-0513", "CVE-2009-3559", "CVE-2010-0502", "CVE-2008-7247", "CVE-2006-1329", "CVE-2009-2902", "CVE-2010-0057", "CVE-2009-4019", "CVE-2010-0521", "CVE-2010-0393", "CVE-2010-0524", "CVE-2010-0064", "CVE-2010-0534", "CVE-2010-0042", "CVE-2009-3557"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_3.NASL", "href": "https://www.tenable.com/plugins/nessus/45372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif 
(!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45372);\n script_version(\"1.31\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2003-0063\",\n \"CVE-2006-1329\",\n \"CVE-2008-4456\",\n \"CVE-2008-5515\",\n \"CVE-2008-7247\",\n \"CVE-2009-0033\",\n \"CVE-2009-0580\",\n \"CVE-2009-0689\",\n \"CVE-2009-0781\",\n \"CVE-2009-0783\",\n \"CVE-2009-1904\",\n \"CVE-2009-2042\",\n \"CVE-2009-2417\",\n \"CVE-2009-2422\",\n \"CVE-2009-2446\",\n \"CVE-2009-2693\",\n \"CVE-2009-2901\",\n \"CVE-2009-2902\",\n \"CVE-2009-2906\",\n \"CVE-2009-3009\",\n \"CVE-2009-3095\",\n \"CVE-2009-3557\",\n \"CVE-2009-3558\",\n \"CVE-2009-3559\",\n \"CVE-2009-4017\",\n \"CVE-2009-4019\",\n \"CVE-2009-4030\",\n \"CVE-2009-4214\",\n \"CVE-2010-0041\",\n \"CVE-2010-0042\",\n \"CVE-2010-0043\",\n \"CVE-2010-0057\",\n \"CVE-2010-0059\",\n \"CVE-2010-0060\",\n \"CVE-2010-0062\",\n \"CVE-2010-0063\",\n \"CVE-2010-0064\",\n \"CVE-2010-0065\",\n \"CVE-2010-0393\",\n \"CVE-2010-0497\",\n \"CVE-2010-0498\",\n \"CVE-2010-0500\",\n \"CVE-2010-0501\",\n \"CVE-2010-0502\",\n \"CVE-2010-0504\",\n \"CVE-2010-0505\",\n \"CVE-2010-0507\",\n \"CVE-2010-0508\",\n \"CVE-2010-0509\",\n \"CVE-2010-0510\",\n \"CVE-2010-0511\",\n \"CVE-2010-0512\",\n \"CVE-2010-0513\",\n \"CVE-2010-0514\",\n \"CVE-2010-0515\",\n \"CVE-2010-0516\",\n \"CVE-2010-0517\",\n \"CVE-2010-0518\",\n \"CVE-2010-0519\",\n \"CVE-2010-0520\",\n \"CVE-2010-0521\",\n \"CVE-2010-0524\",\n \"CVE-2010-0525\",\n \"CVE-2010-0526\",\n \"CVE-2010-0533\",\n \"CVE-2010-0534\",\n \"CVE-2010-0535\",\n \"CVE-2010-0537\"\n );\n script_bugtraq_id(\n 6940,\n 17155,\n 31486,\n 35193,\n 35196,\n 35233,\n 35263,\n 35278,\n 35416,\n 35510,\n 35579,\n 35609,\n 36032,\n 36278,\n 36554,\n 36555,\n 36573,\n 37075,\n 37142,\n 37297,\n 37942,\n 37944,\n 37945,\n 38043,\n 38524,\n 38673,\n 38676,\n 38677,\n 39151,\n 39153,\n 39157,\n 39160,\n 39161,\n 
39171,\n 39172,\n 39175,\n 39194,\n 39230,\n 39231,\n 39232,\n 39234,\n 39236,\n 39252,\n 39255,\n 39256,\n 39258,\n 39264,\n 39268,\n 39273,\n 39274,\n 39278,\n 39279,\n 39281,\n 39291\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.3 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.3.\n\nMac OS X 10.6.3 contains security fixes for the following products :\n\n - AFP Server\n - Apache\n - CoreAudio\n - CoreMedia\n - CoreTypes\n - CUPS\n - DesktopServices\n - Disk Images\n - Directory Services\n - Dovecot\n - Event Monitor\n - FreeRADIUS\n - FTP Server\n - iChat Server\n - ImageIO\n - Image RAW\n - Libsystem\n - Mail\n - MySQL\n - OS Services\n - Password Server\n - PHP\n - Podcast Producer\n - Preferences\n - PS Normalizer\n - QuickTime\n - Ruby\n - Server Admin\n - SMB\n - Tomcat\n - Wiki Server\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4077\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Mar/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/19364\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.3 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", 
value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(20, 22, 59, 79, 119, 134, 189, 200, 264, 287, 310);\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/29\");\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n c = get_kb_item(\"Host/OS/Confidence\");\n if ( isnull(os) || c <= 70 ) exit(0);\n}\nif (!os) exit(1, \"The 'Host/OS' KB item is missing.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-2]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:BA70310F889", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-activesupport-2.3.2-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, 
{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. ", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:ABDE110F87F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-activerecord-2.3.2-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "modified": "2009-09-24T05:06:08", "published": "2009-09-24T05:06:08", "id": "FEDORA:0D0B610F884", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: rubygem-activesupport-2.1.1-2.fc10", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Utility library which carries commonly used classes and goodies from the Rails framework ", "modified": "2009-09-25T20:06:42", "published": "2009-09-25T20:06:42", "id": "FEDORA:9B98C10F88A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-activesupport-2.3.3-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Wraps web resources in model classes that can be manipulated through XML over REST. 
", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:B804610F882", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-activeresource-2.3.2-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. ", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:9AE2710F875", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-actionpack-2.3.2-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Rails is a framework for building web-application using CGI, FCGI, mod_ruby, or WEBrick on top of either MySQL, PostgreSQL, SQLite, DB2, SQL Server, or Oracle with eRuby- or Builder-based templates. ", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:C02B310F88B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-rails-2.3.2-5.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Makes it trivial to test and deliver emails sent from a single service layer. 
", "modified": "2009-10-14T01:55:34", "published": "2009-10-14T01:55:34", "id": "FEDORA:8FC0910F86A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-actionmailer-2.3.2-3.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. ", "modified": "2009-09-25T20:06:42", "published": "2009-09-25T20:06:42", "id": "FEDORA:9258610F884", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-actionpack-2.3.3-2.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3009", "CVE-2009-4214"], "description": "Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. 
", "modified": "2009-12-18T04:36:01", "published": "2009-12-18T04:36:01", "id": "FEDORA:A0DD028EDC8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: rubygem-actionpack-2.3.2-4.fc11", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-07-25T10:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-activesupport\nannounced via advisory FEDORA-2009-9799.", "modified": "2017-07-10T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:64961", "href": "http://plugins.openvas.org/nasl.php?oid=64961", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9799.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9799 (rubygem-activesupport)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA vulnerability is found on Ruby on Rails in the escaping code for the form\nhelpers, which also affects the rpms shipped in Fedora Project. Attackers who\ncan inject deliberately malformed unicode strings into the form helpers can\ndefeat the escaping checks and inject arbitrary HTML. This issue has been tagged\nas CVE-2009-3009. These new rpms will fix this issue.\nChangeLog:\n\n* Mon Sep 21 2009 Mamoru Tasaka - 2.1.1-2\n- Patch for CVE-2009-3009 (bug 520843)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update rubygem-activesupport' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9799\";\ntag_summary = \"The remote host is missing an update to rubygem-activesupport\nannounced via advisory FEDORA-2009-9799.\";\n\n\n\nif(description)\n{\n script_id(64961);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.1.1~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-actionmailer\nannounced via advisory FEDORA-2009-10484.", "modified": "2018-04-06T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:136141256231066042", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066042", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10484.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10484 (rubygem-actionmailer)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid update issues for\nexisting applications\n\nChangeLog:\n\n* Wed Oct 7 2009 David Lutterkort - 1:2.3.2-3\n- Bump epoch; rails is not updatable across versions (bz 520843)\n- Kill test for now\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rubygem-actionmailer' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10484\";\ntag_summary = \"The remote host is missing an update to rubygem-actionmailer\nannounced via advisory FEDORA-2009-10484.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66042\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.2~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-24T12:56:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 1887-1.", "modified": "2017-07-07T00:00:00", "published": "2009-09-21T00:00:00", "id": "OPENVAS:64919", "href": "http://plugins.openvas.org/nasl.php?oid=64919", "type": "openvas", "title": "Debian Security Advisory DSA 1887-1 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1887_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1887-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site scripting\nattacks via malformed strings in the form helper.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.\n\nFor the oldstable distribution (etch) security support has been\ndiscontinued. It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken due\nto programming issues. 
It is highly recommended to upgrade to the\nversion in stable (lenny).\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.3-1.\n\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 1887-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201887-1\";\n\n\nif(description)\n{\n script_id(64919);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1887-1 (rails)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-9922.", "modified": "2017-07-10T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:64968", "href": "http://plugins.openvas.org/nasl.php?oid=64968", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9922.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9922 (rubygem-actionpack)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA vulnerability is found on Ruby on Rails in the escaping code for the form\nhelpers, which also affects the rpms shipped in Fedora Project. Attackers who\ncan inject deliberately malformed unicode strings into the form helpers can\ndefeat the escaping checks and inject arbitrary HTML. This issue has been tagged\nas CVE-2009-3009. These new rpms will fix this issue.\n\nChangeLog:\n\n* Wed Sep 23 2009 Mamoru Tasaka - 2.3.3-2\n- Patch for CVE-2009-3009 (bug 520843)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rubygem-actionpack' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9922\";\ntag_summary = \"The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-9922.\";\n\n\n\nif(description)\n{\n script_id(64968);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:38:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-activesupport\nannounced via advisory FEDORA-2009-9799.", "modified": "2018-04-06T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:136141256231064961", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064961", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9799.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9799 (rubygem-activesupport)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA vulnerability is found on Ruby on Rails in the escaping code for the form\nhelpers, which also affects the rpms shipped in Fedora Project. 
Attackers who\ncan inject deliberately malformed unicode strings into the form helpers can\ndefeat the escaping checks and inject arbitrary HTML. This issue has been tagged\nas CVE-2009-3009. These new rpms will fix this issue.\nChangeLog:\n\n* Mon Sep 21 2009 Mamoru Tasaka - 2.1.1-2\n- Patch for CVE-2009-3009 (bug 520843)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update rubygem-activesupport' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9799\";\ntag_summary = \"The remote host is missing an update to rubygem-activesupport\nannounced via advisory FEDORA-2009-9799.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64961\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 10 FEDORA-2009-9799 (rubygem-activesupport)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-activesupport\", rpm:\"rubygem-activesupport~2.1.1~2.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-25T10:56:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-actionmailer\nannounced via advisory FEDORA-2009-10484.", "modified": "2017-07-10T00:00:00", "published": "2009-10-19T00:00:00", "id": "OPENVAS:66042", "href": "http://plugins.openvas.org/nasl.php?oid=66042", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_10484.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-10484 (rubygem-actionmailer)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\n- Fixes CVE-2009-3009 - Downgrade to Rails 2.3.2 to avoid update issues for\nexisting applications\n\nChangeLog:\n\n* Wed Oct 7 2009 David Lutterkort - 1:2.3.2-3\n- Bump epoch; rails is not updatable across versions (bz 520843)\n- Kill test for now\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rubygem-actionmailer' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10484\";\ntag_summary = \"The remote host is missing an update to rubygem-actionmailer\nannounced via advisory FEDORA-2009-10484.\";\n\n\n\nif(description)\n{\n script_id(66042);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-19 21:50:22 +0200 (Mon, 19 Oct 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-10484 (rubygem-actionmailer)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-actionmailer\", rpm:\"rubygem-actionmailer~2.3.2~3.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rails\nannounced via advisory DSA 1887-1.", "modified": "2018-04-06T00:00:00", "published": "2009-09-21T00:00:00", "id": "OPENVAS:136141256231064919", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064919", "type": "openvas", "title": "Debian Security Advisory DSA 1887-1 (rails)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1887_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1887-1 (rails)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Brian Mastenbrook discovered that rails, the MVC ruby based framework\ngeared for web application development, is prone to cross-site scripting\nattacks via malformed strings in the form helper.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 2.1.0-7.\n\nFor the oldstable distribution (etch) security support has been\ndiscontinued. It has been reported that rails in oldstable is unusable\nand several features that are affected by security issues are broken due\nto programming issues. 
It is highly recommended to upgrade to the\nversion in stable (lenny).\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem has been fixed in version 2.2.3-1.\n\n\nWe recommend that you upgrade your rails packages.\";\ntag_summary = \"The remote host is missing an update to rails\nannounced via advisory DSA 1887-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201887-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64919\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-21 23:13:00 +0200 (Mon, 21 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Debian Security Advisory DSA 1887-1 (rails)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.1.0-7\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-9922.", "modified": "2018-04-06T00:00:00", "published": "2009-09-28T00:00:00", "id": "OPENVAS:136141256231064968", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064968", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_9922.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-9922 (rubygem-actionpack)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nA vulnerability is found on Ruby on Rails in the escaping code for the form\nhelpers, which also affects the rpms shipped in Fedora Project. Attackers who\ncan inject deliberately malformed unicode strings into the form helpers can\ndefeat the escaping checks and inject arbitrary HTML. This issue has been tagged\nas CVE-2009-3009. These new rpms will fix this issue.\n\nChangeLog:\n\n* Wed Sep 23 2009 Mamoru Tasaka - 2.3.3-2\n- Patch for CVE-2009-3009 (bug 520843)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rubygem-actionpack' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-9922\";\ntag_summary = \"The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-9922.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64968\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-09-28 19:09:13 +0200 (Mon, 28 Sep 2009)\");\n script_cve_id(\"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-9922 (rubygem-actionpack)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=520843\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.3~2.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-07-21T22:09:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3009"], "description": "This host is running Ruby on Rails and is prone to cross-site\n scripting vulnerability.", "modified": "2020-07-14T00:00:00", "published": "2010-08-02T00:00:00", "id": "OPENVAS:1361412562310902090", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902090", "type": "openvas", "title": "Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902090\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-08-02 12:38:17 +0200 (Mon, 02 Aug 2010)\");\n script_cve_id(\"CVE-2009-3009\");\n script_bugtraq_id(36278);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Ruby on Rails 'unicode strings' Cross-Site Scripting Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\");\n script_mandatory_keys(\"rails/detected\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/53036\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/product/25856/\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/2544\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2009/Sep/1022824.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to execute arbitrary HTML and\n script code in a user's browser session in context of an affected 
site.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails version 2.x before to 2.2.3 and 2.3.x before 2.3.4.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in handling of 'escaping' code for the form\n helpers, which does not properly filter HTML code from user-supplied input\n before displaying the input.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Ruby on Rails version 2.2.3 or 2.3.4 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Ruby on Rails and is prone to cross-site\n scripting vulnerability.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude( \"version_func.inc\" );\ninclude( \"host_details.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif(version_in_range( version: version, test_version: \"2.0\", test_version2: \"2.2.2\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"2.2.3\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"2.3.0\", test_version2: \"2.3.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version:\"2.3.4\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-25T10:56:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4214", "CVE-2009-3009"], "description": "The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-13361.", "modified": "2017-07-10T00:00:00", "published": "2009-12-30T00:00:00", "id": "OPENVAS:66564", "href": 
"http://plugins.openvas.org/nasl.php?oid=66564", "type": "openvas", "title": "Fedora Core 11 FEDORA-2009-13361 (rubygem-actionpack)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_13361.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-13361 (rubygem-actionpack)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nFix CVE-2009-4214 (bz 542786)\n\nChangeLog:\n\n* Thu Dec 10 2009 David Lutterkort - 1:2.3.2-4\n- Patch for CVE-2009-4214 (bz 542786)\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. 
Use \nsu -c 'yum update rubygem-actionpack' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-13361\";\ntag_summary = \"The remote host is missing an update to rubygem-actionpack\nannounced via advisory FEDORA-2009-13361.\";\n\n\n\nif(description)\n{\n script_id(66564);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-12-30 21:58:43 +0100 (Wed, 30 Dec 2009)\");\n script_cve_id(\"CVE-2009-4214\", \"CVE-2009-3009\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Core 11 FEDORA-2009-13361 (rubygem-actionpack)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=542786\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"rubygem-actionpack\", rpm:\"rubygem-actionpack~2.3.2~4.fc11\", rls:\"FC11\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2007-6077", "CVE-2009-4214", "CVE-2009-3086", "CVE-2009-3009", "CVE-2009-2422", "CVE-2008-4094", "CVE-2008-7248", "CVE-2007-5380"], "edition": 1, "description": "### Background\n\nRuby on Rails is a web-application and persistence framework. 
\n\n### Description\n\nThe following vulnerabilities were discovered: \n\n * sameer reported that lib/action_controller/cgi_process.rb removes the :cookie_only attribute from the default session options (CVE-2007-6077), due to an incomplete fix for CVE-2007-5380 (GLSA 200711-17).\n * Tobias Schlottke reported that the :limit and :offset parameters of ActiveRecord::Base.find() are not properly sanitized before being processed (CVE-2008-4094).\n * Steve from Coderrr reported that the CSRF protection in protect_from_forgery() does not parse the text/plain MIME format (CVE-2008-7248).\n * Nate reported a documentation error that leads to the assumption that a block returning nil passed to authenticate_or_request_with_http_digest() would deny access to the requested resource (CVE-2009-2422).\n * Brian Mastenbrook reported an input sanitization flaw, related to multibyte characters (CVE-2009-3009).\n * Gabe da Silveira reported an input sanitization flaw in the strip_tags() function (CVE-2009-4214).\n * Coda Hale reported an information disclosure vulnerability related to HMAC digests (CVE-2009-3086).\n\n### Impact\n\nA remote attacker could send specially crafted requests to a vulnerable application, possibly leading to the execution of arbitrary SQL statements or a circumvention of access control. A remote attacker could also conduct session fixation attacks to hijack a user's session or bypass the CSRF protection mechanism, or furthermore conduct Cross-Site Scripting attacks or forge a digest via multiple attempts. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Ruby on Rails 2.3.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-ruby/rails-2.3.5\"\n\nAll Ruby on Rails 2.2.x users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \"=dev-ruby/rails-2.2.3-r1\"\n\nNOTE: All applications using Ruby on Rails should also be configured to use the latest version available by running \"rake rails:update\" inside the application directory.", "modified": "2009-12-20T00:00:00", "published": "2009-12-20T00:00:00", "id": "GLSA-200912-02", "href": "https://security.gentoo.org/glsa/200912-02", "type": "gentoo", "title": "Ruby on Rails: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:12", "bulletinFamily": "info", "cvelist": ["CVE-2003-0063", "CVE-2006-1329", "CVE-2008-0564", "CVE-2008-0888", "CVE-2008-2712", "CVE-2008-4101", "CVE-2008-4456", "CVE-2008-5302", "CVE-2008-5303", "CVE-2008-5515", "CVE-2008-7247", "CVE-2009-0033", "CVE-2009-0037", "CVE-2009-0316", "CVE-2009-0580", "CVE-2009-0688", "CVE-2009-0689", "CVE-2009-0781", "CVE-2009-0783", "CVE-2009-1904", "CVE-2009-2042", "CVE-2009-2417", "CVE-2009-2422", "CVE-2009-2446", "CVE-2009-2632", "CVE-2009-2693", "CVE-2009-2801", "CVE-2009-2901", "CVE-2009-2902", "CVE-2009-2906", "CVE-2009-3009", "CVE-2009-3095", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-3559", "CVE-2009-4017", "CVE-2009-4019", "CVE-2009-4030", "CVE-2009-4142", "CVE-2009-4143", "CVE-2009-4214", "CVE-2010-0041", "CVE-2010-0042", "CVE-2010-0043", "CVE-2010-0055", "CVE-2010-0056", "CVE-2010-0057", "CVE-2010-0058", "CVE-2010-0059", "CVE-2010-0060", "CVE-2010-0062", "CVE-2010-0063", "CVE-2010-0064", "CVE-2010-0065", "CVE-2010-0393", "CVE-2010-0497", "CVE-2010-0498", "CVE-2010-0500", "CVE-2010-0501", "CVE-2010-0502", "CVE-2010-0503", "CVE-2010-0504", "CVE-2010-0505", 
"CVE-2010-0506", "CVE-2010-0507", "CVE-2010-0508", "CVE-2010-0509", "CVE-2010-0510", "CVE-2010-0511", "CVE-2010-0512", "CVE-2010-0513", "CVE-2010-0514", "CVE-2010-0515", "CVE-2010-0516", "CVE-2010-0517", "CVE-2010-0518", "CVE-2010-0519", "CVE-2010-0520", "CVE-2010-0521", "CVE-2010-0522", "CVE-2010-0523", "CVE-2010-0524", "CVE-2010-0525", "CVE-2010-0526", "CVE-2010-0533", "CVE-2010-0534", "CVE-2010-0535", "CVE-2010-0537"], "description": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities\n\nApple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping with fixes for 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 is now available and\n\naddresses the following:\n\nAppKit\n\nCVE-ID: CVE-2010-0056\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Spell checking a maliciously crafted document may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the spell checking feature\n\nused by Cocoa applications. Spell checking a maliciously crafted\n\ndocument may lead to an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nApplication Firewall\n\nCVE-ID: CVE-2009-2801\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Certain rules in the Application Firewall may become\n\ninactive after restart\n\nDescription: A timing issue in the Application Firewall may cause\n\ncertain rules to become inactive after reboot. The issue is addressed\n\nthrough improved handling of Firewall rules. This issue does not\n\naffect Mac OS X v10.6 systems. 
Credit to Michael Kisor of\n\nOrganicOrb.com for reporting this issue.\n\nAFP Server\n\nCVE-ID: CVE-2010-0057\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: When guest access is disabled, a remote user may be able to\n\nmount AFP shares as a guest\n\nDescription: An access control issue in AFP Server may allow a\n\nremote user to mount AFP shares as a guest, even if guest access is\n\ndisabled. This issue is addressed through improved access control\n\nchecks. Credit: Apple.\n\nAFP Server\n\nCVE-ID: CVE-2010-0533\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote user with guest access to an AFP share may access\n\nthe contents of world-readable files outside the Public share\n\nDescription: A directory traversal issue exists in the path\n\nvalidation for AFP shares. A remote user may enumerate the parent\n\ndirectory of the share root, and read or write files within that\n\ndirectory that are accessible to the \u2018nobody\u2019 user. This issue is\n\naddressed through improved handling of file paths. Credit to Patrik\n\nKarlsson of cqure.net for reporting this issue.\n\nApache\n\nCVE-ID: CVE-2009-3095\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to bypass access control\n\nrestrictions\n\nDescription: An input validation issue exists in Apache\u2019s handling\n\nof proxied FTP requests. A remote attacker with the ability to issue\n\nrequests through the proxy may be able to bypass access control\n\nrestrictions specified in the Apache configuration. 
This issue is\n\naddressed by updating Apache to version 2.2.14.\n\nClamAV\n\nCVE-ID: CVE-2010-0058\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: ClamAV virus definitions may not receive updates\n\nDescription: A configuration issue introduced in Security Update\n\n2009-005 prevents freshclam from running. This may prevent virus\n\ndefinitions from being updated. This issue is addressed by updating\n\nfreshclam\u2019s launchd plist ProgramArguments key values. This issue\n\ndoes not affect Mac OS X v10.6 systems. Credit to Bayard Bell, Wil\n\nShipley of Delicious Monster, and David Ferrero of Zion Software, LLC\n\nfor reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0059\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDM2 encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreAudio\n\nCVE-ID: CVE-2010-0060\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Playing maliciously crafted audio content may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nQDMC encoded audio content. Playing maliciously crafted audio content\n\nmay lead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nCoreMedia\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in CoreMedia\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nCoreTypes\n\nCVE-ID: CVE-2010-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Users are not warned before opening certain potentially\n\nunsafe content types\n\nDescription: This update adds .ibplugin and .url to the system\u2019s\n\nlist of content types that will be flagged as potentially unsafe\n\nunder certain circumstances, such as when they are downloaded from a\n\nweb page. While these content types are not automatically launched,\n\nif manually opened they could lead to the execution of a malicious\n\nJavaScript payload or arbitrary code execution. This update improves\n\nthe system\u2019s ability to notify users before handling content types\n\nused by Safari. 
Credit to Clint Ruoho of Laconic Security for\n\nreporting this issue.\n\nCUPS\n\nCVE-ID: CVE-2010-0393\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain system privileges\n\nDescription: A format string issue exists in the lppasswd CUPS\n\nutility. This may allow a local user to obtain system privileges. Mac\n\nOS X v10.6 systems are only affected if the setuid bit has been set\n\non the binary. This issue is addressed by using default directories\n\nwhen running as a setuid process. Credit to Ronald Volgers for\n\nreporting this issue.\n\ncurl\n\nCVE-ID: CVE-2009-2417\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A man-in-the-middle attacker may be able to impersonate a\n\ntrusted server\n\nDescription: A canonicalization issue exists in curl\u2019s handling of\n\nNULL characters in the subject\u2019s Common Name (CN) field of X.509\n\ncertificates. This may lead to man-in-the-middle attacks against\n\nusers of the curl command line tool, or applications using libcurl.\n\nThis issue is addressed through improved handling of NULL characters.\n\ncurl\n\nCVE-ID: CVE-2009-0037\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Using curl with -L may allow a remote attacker to read or\n\nwrite local files\n\nDescription: curl will follow HTTP and HTTPS redirects when used\n\nwith the -L option. When curl follows a redirect, it allows file://\n\nURLs. This may allow a remote attacker to access local files. This\n\nissue is addressed through improved validation of redirects. This\n\nissue does not affect Mac OS X v10.6 systems. 
Credit to Daniel\n\nStenberg of Haxx AB for reporting this issue.\n\nCyrus IMAP\n\nCVE-ID: CVE-2009-2632\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A local user may be able to obtain the privileges of the\n\nCyrus user\n\nDescription: A buffer overflow exists in the handling of sieve\n\nscripts. By running a maliciously crafted sieve script, a local user\n\nmay be able to obtain the privileges of the Cyrus user. This issue is\n\naddressed through improved bounds checking. This issue does not\n\naffect Mac OS X v10.6 systems.\n\nCyrus SASL\n\nCVE-ID: CVE-2009-0688\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: An unauthenticated remote attacker may cause unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the Cyrus SASL\n\nauthentication module. Using Cyrus SASL authentication may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0064\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Items copied in the Finder may be assigned an unexpected\n\nfile owner\n\nDescription: When performing an authenticated copy in the Finder,\n\noriginal file ownership may be unexpectedly copied. This update\n\naddresses the issue by ensuring that copied files are owned by the\n\nuser performing the copy. This issue does not affect systems prior to\n\nMac OS X v10.6. 
Credit to Gerrit DeWitt of Auburn University (Auburn,\n\nAL) for reporting this issue.\n\nDesktopServices\n\nCVE-ID: CVE-2010-0537\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may gain access to user data via a multi-\n\nstage attack\n\nDescription: A path resolution issue in DesktopServices is\n\nvulnerable to a multi-stage attack. A remote attacker must first\n\nentice the user to mount an arbitrarily named share, which may be\n\ndone via a URL scheme. When saving a file using the default save\n\npanel in any application, and using \u201cGo to folder\u201d or dragging\n\nfolders to the save panel, the data may be unexpectedly saved to the\n\nmalicious share. This issue is addressed through improved path\n\nresolution. This issue does not affect systems prior to Mac OS X\n\nv10.6. Credit to Sidney San Martin working with DeepTech, Inc. for\n\nreporting this issue.\n\nDisk Images\n\nCVE-ID: CVE-2010-0065\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nbzip2 compressed disk images. Mounting a maliciously crafted disk\n\nimage may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed through improved bounds\n\nchecking. Credit: Apple.\n\nDisk Images\n\nCVE-ID: CVE-2010-0497\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mounting a maliciously crafted disk image may lead to\n\narbitrary code execution\n\nDescription: A design issue exists in the handling of internet\n\nenabled disk images. 
Mounting an internet enabled disk image\n\ncontaining a package file type will open it rather than revealing it\n\nin the Finder. This file quarantine feature helps to mitigate this\n\nissue by providing a warning dialog for unsafe file types. This issue\n\nis addressed through improved handling of package file types on\n\ninternet enabled disk images. Credit to Brian Mastenbrook working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nDirectory Services\n\nCVE-ID: CVE-2010-0498\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may obtain system privileges\n\nDescription: An authorization issue in Directory Services\u2019 handling\n\nof record names may allow a local user to obtain system privileges.\n\nThis issue is addressed through improved authorization checks.\n\nCredit: Apple.\n\nDovecot\n\nCVE-ID: CVE-2010-0535\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to send and receive mail\n\neven if the user is not on the SACL of users who are permitted to do\n\nso\n\nDescription: An access control issue exists in Dovecot when Kerberos\n\nauthentication is enabled. This may allow an authenticated user to\n\nsend and receive mail even if the user is not on the service access\n\ncontrol list (SACL) of users who are permitted to do so. This issue\n\nis addressed through improved access control checks. This issue does\n\nnot affect systems prior to Mac OS X v10.6.\n\nEvent Monitor\n\nCVE-ID: CVE-2010-0500\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may cause arbitrary systems to be added to\n\nthe firewall blacklist\n\nDescription: A reverse DNS lookup is performed on remote ssh clients\n\nthat fail to authenticate. 
A plist injection issue exists in the\n\nhandling of resolved DNS names. This may allow a remote attacker to\n\ncause arbitrary systems to be added to the firewall blacklist. This\n\nissue is addressed by properly escaping resolved DNS names. Credit:\n\nApple.\n\nFreeRADIUS\n\nCVE-ID: CVE-2010-0524\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may obtain access to a network via RADIUS\n\nauthentication\n\nDescription: A certificate authentication issue exists in the\n\ndefault Mac OS X configuration of the FreeRADIUS server. A remote\n\nattacker may use EAP-TLS with an arbitrary valid certificate to\n\nauthenticate and connect to a network configured to use FreeRADIUS\n\nfor authentication. This issue is addressed by disabling support for\n\nEAP-TLS in the configuration. RADIUS clients should use EAP-TTLS\n\ninstead. This issue only affects Mac OS X Server systems. Credit to\n\nChris Linstruth of Qnet for reporting this issue.\n\nFTP Server\n\nCVE-ID: CVE-2010-0501\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Users may be able to retrieve files outside the FTP root\n\ndirectory\n\nDescription: A directory traversal issue exists in FTP Server. This\n\nmay allow a user to retrieve files outside the FTP root directory.\n\nThis issue is addressed through improved handling of file names. This\n\nissue only affects Mac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2006-1329\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An implementation issue exists in jabberd\u2019s handling of\n\nSASL negotiation. A remote attacker may be able to terminate the\n\noperation of jabberd. This issue is addressed through improved\n\nhandling of SASL negotiation. 
This issue only affects Mac OS X Server\n\nsystems.\n\niChat Server\n\nCVE-ID: CVE-2010-0502\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Chat messages may not be logged\n\nDescription: A design issue exists in iChat Server\u2019s support for\n\nconfigurable group chat logging. iChat Server only logs messages with\n\ncertain message types. This may allow a remote user to send a message\n\nthrough the server without it being logged. The issue is addressed by\n\nremoving the capability to disable group chat logs, and logging all\n\nmessages that are sent through the server. This issue only affects\n\nMac OS X Server systems. Credit: Apple.\n\niChat Server\n\nCVE-ID: CVE-2010-0503\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A use-after-free issue exists in iChat Server. An\n\nauthenticated user may be able to cause an unexpected application\n\ntermination or arbitrary code execution. This issue is addressed\n\nthrough improved memory reference tracking. This issue only affects\n\nMac OS X Server systems, and does not affect versions 10.6 or later.\n\niChat Server\n\nCVE-ID: CVE-2010-0504\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: Multiple stack buffer overflow issues exist in iChat\n\nServer. An authenticated user may be able to cause an unexpected\n\napplication termination or arbitrary code execution. These issues are\n\naddressed through improved memory management. These issues only\n\naffect Mac OS X Server systems. 
Credit: Apple.\n\nImageIO\n\nCVE-ID: CVE-2010-0505\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of JP2\n\nimages. Viewing a maliciously crafted JP2 image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Service, and researcher\n\n\u201c85319bb6e6ab398b334509c50afce5259d42756e\u201d working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0041\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of BMP images. Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of BMP images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Visiting a maliciously crafted website may result in sending\n\ndata from Safari\u2019s memory to the website\n\nDescription: An uninitialized memory access issue exists in\n\nImageIO\u2019s handling of TIFF images. 
Visiting a maliciously crafted\n\nwebsite may result in sending data from Safari\u2019s memory to the\n\nwebsite. This issue is addressed through improved memory\n\ninitialization and additional validation of TIFF images. Credit to\n\nMatthew \u2018j00ru\u2019 Jurczyk of Hispasec for reporting this issue.\n\nImageIO\n\nCVE-ID: CVE-2010-0043\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Processing a maliciously crafted TIFF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nTIFF images. Processing a maliciously crafted TIFF image may lead to\n\nan unexpected application termination or arbitrary code execution.\n\nThis issue is addressed through improved memory handling. This issue\n\ndoes not affect systems prior to Mac OS X v10.6. Credit to Gus\n\nMueller of Flying Meat for reporting this issue.\n\nImage RAW\n\nCVE-ID: CVE-2010-0506\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of NEF\n\nimages. Viewing a maliciously crafted NEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. This issue does\n\nnot affect Mac OS X v10.6 systems. Credit: Apple.\n\nImage RAW\n\nCVE-ID: CVE-2010-0507\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A buffer overflow exists in Image RAW\u2019s handling of PEF\n\nimages. 
Viewing a maliciously crafted PEF image may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed through improved bounds checking. Credit to Chris\n\nRies of Carnegie Mellon University Computing Services for reporting\n\nthis issue.\n\nLibsystem\n\nCVE-ID: CVE-2009-0689\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Applications that convert untrusted data between binary\n\nfloating point and text may be vulnerable to an unexpected\n\napplication termination or arbitrary code execution\n\nDescription: A buffer overflow exists in the floating point binary\n\nto text conversion code within Libsystem. An attacker who can cause\n\nan application to convert a floating point value into a long string,\n\nor to parse a maliciously crafted string as a floating point value,\n\nmay be able to cause an unexpected application termination or\n\narbitrary code execution. This issue is addressed through improved\n\nbounds checking. Credit to Maksymilian Arciemowicz of\n\nSecurityReason.com for reporting this issue.\n\nMail\n\nCVE-ID: CVE-2010-0508\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Rules associated with a deleted mail account remain in\n\neffect\n\nDescription: When a mail account is deleted, user-defined filter\n\nrules associated with that account remain active. This may result in\n\nunexpected actions. This issue is addressed by disabling associated\n\nrules when a mail account is deleted.\n\nMail\n\nCVE-ID: CVE-2010-0525\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Mail may use a weaker encryption key for outgoing email\n\nDescription: A logic issue exists in Mail\u2019s handling of encryption\n\ncertificates. 
When multiple certificates for the recipient exist in\n\nthe keychain, Mail may select an encryption key that is not intended\n\nfor encipherment. This may lead to a security issue if the chosen key\n\nis weaker than expected. This issue is addressed by ensuring that the\n\nkey usage extension within certificates is evaluated when selecting a\n\nmail encryption key. Credit to Paul Suh of ps Enable, Inc. for\n\nreporting this issue.\n\nMailman\n\nCVE-ID: CVE-2008-0564\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in Mailman 2.1.9\n\nDescription: Multiple cross-site scripting issues exist in Mailman\n\n2.1.9. These issues are addressed by updating Mailman to version\n\n2.1.13. Further information is available via the Mailman site at\n\nhttp://mail.python.org/pipermail/mailman-\n\nannounce/2009-January/000128.html These issues only affect Mac OS X\n\nServer systems, and do not affect versions 10.6 or later.\n\nMySQL\n\nCVE-ID: CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019,\n\nCVE-2009-4030\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in MySQL 5.0.82\n\nDescription: MySQL is updated to version 5.0.88 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. These issues only affect Mac OS X Server systems. Further\n\ninformation is available via the MySQL web site at\n\nhttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html\n\nOS Services\n\nCVE-ID: CVE-2010-0509\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A local user may be able to obtain elevated privileges\n\nDescription: A privilege escalation issue exists in SFLServer, as it\n\nruns as group \u2018wheel\u2019 and accesses files in users\u2019 home directories.\n\nThis issue is addressed through improved privilege management. 
Credit\n\nto Kevin Finisterre of DigitalMunition for reporting this issue.\n\nPassword Server\n\nCVE-ID: CVE-2010-0510\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to log in with an outdated\n\npassword\n\nDescription: An implementation issue in Password Server\u2019s handling\n\nof replication may cause passwords to not be replicated. A remote\n\nattacker may be able to log in to a system using an outdated\n\npassword. This issue is addressed through improved handling of\n\npassword replication. This issue only affects Mac OS X Server\n\nsystems. Credit to Jack Johnson of Anchorage School District for\n\nreporting this issue.\n\nperl\n\nCVE-ID: CVE-2008-5302, CVE-2008-5303\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A local user may cause arbitrary files to be deleted\n\nDescription: Multiple race condition issues exist in the rmtree\n\nfunction of the perl module File::Path. A local user with write\n\naccess to a directory that is being deleted may cause arbitrary files\n\nto be removed with the privileges of the perl process. This issue is\n\naddressed through improved handling of symbolic links. This issue\n\ndoes not affect Mac OS X v10.6 systems.\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4017\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in PHP 5.3.0\n\nDescription: PHP is updated to version 5.3.1 to address multiple\n\nvulnerabilities, the most serious of which may lead to arbitrary code\n\nexecution. 
Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPHP\n\nCVE-ID: CVE-2009-3557, CVE-2009-3558, CVE-2009-3559, CVE-2009-4142,\n\nCVE-2009-4143\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in PHP 5.2.11\n\nDescription: PHP is updated to version 5.2.12 to address multiple\n\nvulnerabilities, the most serious of which may lead to cross-site\n\nscripting. Further information is available via the PHP website at\n\nhttp://www.php.net/\n\nPodcast Producer\n\nCVE-ID: CVE-2010-0511\n\nAvailable for: Mac OS X Server v10.6 through v10.6.2\n\nImpact: An unauthorized user may be able to access a Podcast\n\nComposer workflow\n\nDescription: When a Podcast Composer workflow is overwritten, the\n\naccess restrictions are removed. This may allow an unauthorized user\n\nto access a Podcast Composer workflow. This issue is addressed\n\nthrough improved handling of workflow access restrictions. Podcast\n\nComposer was introduced in Mac OS X Server v10.6.\n\nPreferences\n\nCVE-ID: CVE-2010-0512\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A network user may be able to bypass system login\n\nrestrictions\n\nDescription: An implementation issue exists in the handling of\n\nsystem login restrictions for network accounts. If the network\n\naccounts allowed to log in to the system at the Login Window are\n\nidentified by group membership only, the restriction will not be\n\nenforced, and all network users will be allowed to log in to the\n\nsystem. The issue is addressed through improved group restriction\n\nmanagement in the Accounts preference pane. This issue only affects\n\nsystems configured to use a network account server, and does not\n\naffect systems prior to Mac OS X v10.6. 
Credit to Christopher D.\n\nGrieb of University of Michigan MSIS for reporting this issue.\n\nPS Normalizer\n\nCVE-ID: CVE-2010-0513\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted PostScript file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A stack buffer overflow exists in the handling of\n\nPostScript files. Viewing a maliciously crafted PostScript file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of PostScript files. On Mac OS X v10.6 systems this issue\n\nis mitigated by the -fstack-protector compiler flag. Credit: Apple.\n\nQuickTime\n\nCVE-ID: CVE-2010-0062\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in QuickTime\u2019s handling\n\nof H.263 encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of H.263 encoded movie files. Credit to Damian Put working\n\nwith TippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0514\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of H.261\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. 
This issue is addressed by performing additional\n\nvalidation of H.261 encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0515\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of H.264 encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of H.264\n\nencoded movie files.\n\nQuickTime\n\nCVE-ID: CVE-2010-0516\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of RLE encoded\n\nmovie files. Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution. This\n\nissue is addressed by performing additional validation of RLE encoded\n\nmovie files. Credit to an anonymous researcher working with\n\nTippingPoint\u2019s Zero Day Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0517\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of M-JPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of M-JPEG encoded movie files. 
Credit to Damian Put\n\nworking with TippingPoint\u2019s Zero Day Initiative for reporting this\n\nissue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0518\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A memory corruption issue exists in the handling of\n\nSorenson encoded movie files. Viewing a maliciously crafted movie\n\nfile may lead to an unexpected application termination or arbitrary\n\ncode execution. This issue is addressed by performing additional\n\nvalidation of Sorenson encoded movie files. Credit to Will Dormann of\n\nthe CERT/CC for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0519\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: An integer overflow exists in the handling of FlashPix\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed through improved bounds checking.\n\nCredit to an anonymous researcher working with TippingPoint\u2019s Zero\n\nDay Initiative for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0520\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted movie file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of FLC\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of FLC encoded movie files. 
Credit to Moritz Jodeit of\n\nn.runs AG, working with TippingPoint\u2019s Zero Day Initiative, and\n\nNicolas Joly of VUPEN Security for reporting this issue.\n\nQuickTime\n\nCVE-ID: CVE-2010-0526\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted MPEG file may lead to an\n\nunexpected application termination or arbitrary code execution\n\nDescription: A heap buffer overflow exists in the handling of MPEG\n\nencoded movie files. Viewing a maliciously crafted movie file may\n\nlead to an unexpected application termination or arbitrary code\n\nexecution. This issue is addressed by performing additional\n\nvalidation of MPEG encoded movie files. Credit to an anonymous\n\nresearcher working with TippingPoint\u2019s Zero Day Initiative for\n\nreporting this issue.\n\nRuby\n\nCVE-ID: CVE-2009-2422, CVE-2009-3009, CVE-2009-4214\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple issues in Ruby on Rails\n\nDescription: Multiple vulnerabilities exist in Ruby on Rails, the\n\nmost serious of which may lead to cross-site scripting. On Mac OS X\n\nv10.6 systems, these issues are addressed by updating Ruby on Rails\n\nto version 2.3.5. Mac OS X v10.5 systems are affected only by\n\nCVE-2009-4214, and this issue is addressed through improved\n\nvalidation of arguments to strip_tags.\n\nRuby\n\nCVE-ID: CVE-2009-1904\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Running a Ruby script that uses untrusted input to\n\ninitialize a BigDecimal object may lead to an unexpected application\n\ntermination\n\nDescription: A stack exhaustion issue exists in Ruby\u2019s handling of\n\nBigDecimal objects with very large values. 
Running a Ruby script that\n\nuses untrusted input to initialize a BigDecimal object may lead to an\n\nunexpected application termination. For Mac OS X v10.6 systems, this\n\nissue is addressed by updating Ruby to version 1.8.7-p173. For Mac OS X\n\nv10.5 systems, this issue is addressed by updating Ruby to version\n\n1.8.6-p369.\n\nServer Admin\n\nCVE-ID: CVE-2010-0521\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may extract information from Open\n\nDirectory\n\nDescription: A design issue exists in the handling of authenticated\n\ndirectory binding. A remote attacker may be able to anonymously\n\nextract information from Open Directory, even if the \u201cRequire\n\nauthenticated binding between directory and clients\u201d option is\n\nenabled. The issue is addressed by removing this configuration\n\noption. This issue only affects Mac OS X Server systems. Credit to\n\nScott Gruby of Gruby Solutions, and Mathias Haack of GRAVIS\n\nComputervertriebsgesellschaft mbH for reporting this issue.\n\nServer Admin\n\nCVE-ID: CVE-2010-0522\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: A former administrator may have unauthorized access to\n\nscreen sharing\n\nDescription: A user who is removed from the \u2018admin\u2019 group may still\n\nconnect to the server using screen sharing. This issue is addressed\n\nthrough improved handling of administrator privileges. This issue\n\nonly affects Mac OS X Server systems, and does not affect version\n\n10.6 or later. Credit: Apple.\n\nSMB\n\nCVE-ID: CVE-2009-2906\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: A remote attacker may be able to cause a denial of service\n\nDescription: An infinite loop issue exists in Samba\u2019s handling of\n\nSMB \u2018oplock\u2019 break notifications. 
A remote attacker may be able to\n\ntrigger an infinite loop in smbd, causing it to consume excessive CPU\n\nresources. The issue is addressed through improved handling of\n\n\u2018oplock\u2019 break notifications.\n\nTomcat\n\nCVE-ID: CVE-2009-0580, CVE-2009-0033, CVE-2009-0783, CVE-2008-5515,\n\nCVE-2009-0781, CVE-2009-2901, CVE-2009-2902, CVE-2009-2693\n\nAvailable for: Mac OS X Server v10.5.8,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: Multiple vulnerabilities in Tomcat 6.0.18\n\nDescription: Tomcat is updated to version 6.0.24 to address multiple\n\nvulnerabilities, the most serious of which may lead to a cross site\n\nscripting attack. Tomcat is only provided on Mac OS X Server systems.\n\nFurther information is available via the Tomcat site at\n\nhttp://tomcat.apache.org/\n\nunzip\n\nCVE-ID: CVE-2008-0888\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Extracting maliciously crafted zip files using the unzip\n\ncommand tool may lead to an unexpected application termination or\n\ncode execution\n\nDescription: An uninitialized pointer issue exists in the handling\n\nof zip files. Extracting maliciously crafted zip files using the\n\nunzip command tool may lead to an unexpected application termination\n\nor arbitrary code execution. This issue is addressed by performing\n\nadditional validation of zip files. This issue does not affect Mac OS\n\nX v10.6 systems.\n\nvim\n\nCVE-ID: CVE-2008-2712, CVE-2008-4101, CVE-2009-0316\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: Multiple vulnerabilities in vim 7.0\n\nDescription: Multiple vulnerabilities exist in vim 7.0, the most\n\nserious of which may lead to arbitrary code execution when working\n\nwith maliciously crafted files. These issues are addressed by\n\nupdating to vim 7.2.102. These issues do not affect Mac OS X v10.6\n\nsystems. 
Further information is available via the vim website at\n\nhttp://www.vim.org/\n\nWiki Server\n\nCVE-ID: CVE-2010-0523\n\nAvailable for: Mac OS X Server v10.5.8\n\nImpact: Uploading a maliciously crafted applet may lead to the\n\ndisclosure of sensitive information\n\nDescription: Wiki Server allows users to upload active content such\n\nas Java applets. A remote attacker may obtain sensitive information\n\nby uploading a maliciously crafted applet and directing a Wiki Server\n\nuser to view it. The issue is addressed by restricting the file types\n\nthat may be uploaded to the Wiki Server. This issue only affects Mac\n\nOS X Server systems, and does not affect versions 10.6 or later.\n\nWiki Server\n\nCVE-ID: CVE-2010-0534\n\nAvailable for: Mac OS X v10.6 through v10.6.2,\n\nMac OS X Server v10.6 through v10.6.2\n\nImpact: An authenticated user may bypass weblog creation\n\nrestrictions\n\nDescription: Wiki Server supports service access control lists\n\n(SACLs), allowing an administrator to control the publication of\n\ncontent. Wiki Server fails to consult the weblog SACL during the\n\ncreation of a user\u2019s weblog. This may allow an authenticated user to\n\npublish content to the Wiki Server, even though publication should be\n\ndisallowed by the service ACL. This issue does not affect systems\n\nprior to Mac OS X v10.6.\n\nX11\n\nCVE-ID: CVE-2009-2042\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Viewing a maliciously crafted image may lead to the\n\ndisclosure of sensitive information\n\nDescription: libpng is updated to version 1.2.37 to address an issue\n\nthat may result in the disclosure of sensitive information. 
Further\n\ninformation is available via the libpng site at\n\nhttp://www.libpng.org/pub/png/libpng.html\n\nX11\n\nCVE-ID: CVE-2003-0063\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8,\n\nMac OS X v10.6 through v10.6.2, Mac OS X Server v10.6 through v10.6.2\n\nImpact: Displaying maliciously crafted data within an xterm terminal\n\nmay lead to arbitrary code execution\n\nDescription: The xterm program supports a command sequence to change\n\nthe window title, and to print the window title to the terminal. The\n\ninformation returned is provided to the terminal as though it were\n\nkeyboard input from the user. Within an xterm terminal, displaying\n\nmaliciously crafted data containing such sequences may result in\n\ncommand injection. The issue is addressed by disabling the affected\n\ncommand sequence.\n\nxar\n\nCVE-ID: CVE-2010-0055\n\nAvailable for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\n\nImpact: A modified package may appear as validly signed\n\nDescription: A design issue exists in xar when validating a package\n\nsignature. This may allow a modified package to appear as validly\n\nsigned. This issue is fixed through improved package signature\n\nvalidation. 
This issue does not affect Mac OS X v10.6 systems.\n\nCredit: Apple.\n\nSecurity Update 2010-002 / Mac OS X v10.6.3 may be obtained from\n\nthe Software Update pane in System Preferences, or Apple\u2019s Software\n\nDownloads web site:\n\nhttp://www.apple.com/support/downloads/\n\n[](<https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/>)Apple today released one of its biggest Mac OS X security updates in recent memory, covering a whopping 88 documented vulnerabilities.\n\nThe Mac OS X v10.6.3 update, which is considered \u201ccritical,\u201d covers flaws that could lead to remote code execution, information disclosure and denial-of-service attacks.\n\nIn some scenarios, a malicious hacker could take complete control of a Mac-powered machine if a user simply views a malicious image or movie file.\n\nThe update covers critical vulnerabilities in AppKit, QuickTime, CoreMedia, CoreTypes, DiskImages, ImageIO and Image RAW.\n\nIt also covers holes in several open-source components, including Apache, ClamAV, MySQL, PHP.\n\nHere\u2019s [the full list](<http://support.apple.com/kb/HT4077>) of the patched vulnerabilities. \n\nThe Security Update 2010-002 / Mac OS X v10.6.3 may be obtained from the Software Update pane in System Preferences, or [Apple\u2019s Software Downloads](<http://www.apple.com/support/downloads/>) web page.\n", "modified": "2013-04-17T16:37:25", "published": "2010-03-29T17:15:44", "id": "THREATPOST:4F867C686B7E31697E158FBD04A5DD35", "href": "https://threatpost.com/apple-mega-patch-covers-88-mac-os-x-vulnerabilities-032910/73753/", "type": "threatpost", "title": "Apple Mega Patch Covers 88 Mac OS X Vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}