Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
2005-11-02T00:00:00
ID MANDRAKE_MDKSA-2005-191.NASL Type nessus Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. Modified 2005-11-02T00:00:00
Description
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the
object-oriented scripting language, that can let program code that
should be rejected bypass the safe level and taint flag protection
checks and be executed.
The updated packages have been patched to address this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:191.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration section: runs only when `description` is true. It declares the
# plugin's metadata and leaves through exit(0), so the host checks further down
# are not reached on this path.
if (description)
{
# Plugin identity and revision data.
script_id(20121);
script_version("1.17");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# Cross-references: the CVE and the vendor advisory the check is derived from.
script_cve_id("CVE-2005-2337");
script_xref(name:"MDKSA", value:"2005:191");
script_name(english:"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)");
script_summary(english:"Checks rpm output for the updated packages");
# Finding text shown to the operator: synopsis, description and solution.
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the
object-oriented scripting language, that can cause illegal program
code to bypass the safe level and taint flag protections check and be
executed.
The updated packages have been patched to address this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
# CVSS v2 base vector: network access vector, low access complexity, no
# authentication, partial confidentiality/integrity/availability impact.
# NOTE(review): the vector rates the vulnerability, not the detection method;
# this plugin is declared "local" below and works from package data, so actual
# exposure on a flagged host still has to be judged separately.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE tags: the four ruby packages covered, then the distribution releases.
# NOTE(review): presumably "le2005" is the release the package checks call
# "MDK10.2" - confirm, since no CPE here names 10.2 explicitly.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-tk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
# The vendor patch (2005/10/20) predates the plugin (2005/11/02).
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/02");
script_end_attributes();
# Category, copyright notice and plugin family.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
# Declares the plugin this one depends on and the knowledge-base keys it
# requires; the same keys are read by the checks after this block.
# NOTE(review): presumably ssh_get_info.nasl is what populates the Host/* keys
# from a login on the target - confirm against that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
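# Preconditions. Each test hands a reason to audit() when it fails: local
# checks must be enabled, a Mandrake release must be recorded in the knowledge
# base, and the host's RPM list must be present. Without these there is no
# package data to compare, so no verdict about the host can be given.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Same OS label as the architecture check below, so audit output is consistent
# and searchable under one spelling.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: a missing value is audited as unknown, and anything other
# than amd64, i386-i686 or x86_64 is audited as not implemented.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);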
# Package comparison. Every fixed build named in MDKSA-2005:191 is passed to
# rpm_check() together with its release tag; `flag` counts the calls that
# return true. The references are listed per release, in the advisory's
# order, so they can be compared with the advisory line by line.
# NOTE(review): rpm_check() is defined outside this block (presumably in
# rpm.inc); it is taken to be true when the installed package is older than
# the reference - confirm there.
flag = 0;

# Mandrake Linux 10.1
foreach mdksa_191_ref (make_list(
  "ruby-1.8.1-4.4.101mdk",
  "ruby-devel-1.8.1-4.4.101mdk",
  "ruby-doc-1.8.1-4.4.101mdk",
  "ruby-tk-1.8.1-4.4.101mdk"))
{
  if (rpm_check(release:"MDK10.1", reference:mdksa_191_ref, yank:"mdk")) flag++;
}

# Mandrake Linux 10.2
foreach mdksa_191_ref (make_list(
  "ruby-1.8.2-6.2.102mdk",
  "ruby-devel-1.8.2-6.2.102mdk",
  "ruby-doc-1.8.2-6.2.102mdk",
  "ruby-tk-1.8.2-6.2.102mdk"))
{
  if (rpm_check(release:"MDK10.2", reference:mdksa_191_ref, yank:"mdk")) flag++;
}

# Mandriva Linux 2006.0
foreach mdksa_191_ref (make_list(
  "ruby-1.8.2-7.1.20060mdk",
  "ruby-devel-1.8.2-7.1.20060mdk",
  "ruby-doc-1.8.2-7.1.20060mdk",
  "ruby-tk-1.8.2-7.1.20060mdk"))
{
  if (rpm_check(release:"MDK2006.0", reference:mdksa_191_ref, yank:"mdk")) flag++;
}
# Verdict. With no package comparison counted in `flag`, the host is audited
# as not affected. Otherwise the finding is raised on port 0, with the text
# from rpm_report_get() attached when report_verbosity is above zero, and the
# plugin exits.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
{"id": "MANDRAKE_MDKSA-2005-191.NASL", "bulletinFamily": "scanner", "title": "Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted.\n\nThe updated packages have been patched to address this issue.", "published": "2005-11-02T00:00:00", "modified": "2005-11-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/20121", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2005-2337"], "type": "nessus", "lastseen": "2021-01-07T11:51:29", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2337"]}, {"type": "openvas", "idList": ["OPENVAS:55591", "OPENVAS:55615", "OPENVAS:55593", "OPENVAS:55546", "OPENVAS:55744"]}, {"type": "centos", "idList": ["CESA-2005:799-01", "CESA-2005:799"]}, {"type": "redhat", "idList": ["RHSA-2005:799"]}, {"type": "ubuntu", "idList": ["USN-195-1", "USN-196-1"]}, {"type": "cert", "idList": ["VU:160012"]}, {"type": "gentoo", "idList": ["GLSA-200510-05"]}, {"type": "jvn", "idList": ["JVN:62914675"]}, {"type": "debian", "idList": ["DEBIAN:DSA-864-1:F6347", "DEBIAN:DSA-862-1:07C4F", "DEBIAN:DSA-860-1:9E4F5"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-862.NASL", "CENTOS_RHSA-2005-799.NASL", "GENTOO_GLSA-200510-05.NASL", "UBUNTU_USN-196-1.NASL", "REDHAT-RHSA-2005-799.NASL", "MACOSX_SECUPD2006-003.NASL", "UBUNTU_USN-195-1.NASL", "FREEBSD_PKG_1DAEA60A471911DAB5C60004614CC33D.NASL", "DEBIAN_DSA-864.NASL", "DEBIAN_DSA-860.NASL"]}, {"type": "freebsd", "idList": ["1DAEA60A-4719-11DA-B5C6-0004614CC33D"]}, {"type": "osvdb", "idList": ["OSVDB:19610"]}], "modified": "2021-01-07T11:51:29", "rev": 2}, "score": {"value": 6.3, "vector": 
"NONE", "modified": "2021-01-07T11:51:29", "rev": 2}, "vulnersScore": 6.3}, "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:191. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20121);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"MDKSA\", value:\"2005:191\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-devel-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-doc-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-tk-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-devel-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", 
reference:\"ruby-doc-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-tk-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-devel-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-doc-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-tk-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "20121", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:ruby-tk", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:ruby-devel"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T11:34:55", "description": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).", "edition": 3, "cvss3": {}, "published": "2005-10-07T23:02:00", "title": "CVE-2005-2337", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2337"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:yukihiro_matsumoto:ruby:1.8", "cpe:/a:yukihiro_matsumoto:ruby:1.6.2", "cpe:/a:yukihiro_matsumoto:ruby:1.6.5", "cpe:/a:yukihiro_matsumoto:ruby:1.8.2_pre2", "cpe:/a:yukihiro_matsumoto:ruby:1.6.7", "cpe:/a:yukihiro_matsumoto:ruby:1.6.4", "cpe:/a:yukihiro_matsumoto:ruby:1.6.1", "cpe:/a:yukihiro_matsumoto:ruby:1.8.2_pre1", "cpe:/a:yukihiro_matsumoto:ruby:1.8.1", "cpe:/a:yukihiro_matsumoto:ruby:1.6", "cpe:/a:yukihiro_matsumoto:ruby:1.6.6", "cpe:/a:yukihiro_matsumoto:ruby:1.6.3"], "id": "CVE-2005-2337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre1:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2_pre2:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:yukihiro_matsumoto:ruby:1.6.7:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "description": "The remote host is missing an update to ruby1.8\nannounced via advisory DSA 862-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55591", "href": "http://plugins.openvas.org/nasl.php?oid=55591", "type": "openvas", "title": "Debian Security Advisory DSA 862-1 (ruby1.8)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_862_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 862-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby1.8\nannounced via advisory DSA 862-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20862-1\";\n\nif(description)\n{\n script_id(55591);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 862-1 (ruby1.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-elisp\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-examples\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurses-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpty-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.6-dbg\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsyslog-ruby1.6\", ver:\"1.6.8-12sarge1\", 
rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtk-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-dev\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "description": "The remote host is missing an update to ruby\nannounced via advisory DSA 860-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55593", "href": "http://plugins.openvas.org/nasl.php?oid=55593", "type": "openvas", "title": "Debian Security Advisory DSA 860-1 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_860_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 860-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory DSA 860-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20860-1\";\n\nif(description)\n{\n script_id(55593);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 860-1 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-elisp\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-examples\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurses-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnkf-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpty-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsyslog-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif 
((res = isdpkgvuln(pkg:\"libtcltk-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtk-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-dev\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-28T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:55744", "href": "http://plugins.openvas.org/nasl.php?oid=55744", "type": "openvas", "title": "FreeBSD Ports: ruby, ruby_static", "sourceData": "#\n#VID 1daea60a-4719-11da-b5c6-0004614cc33d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ruby\n ruby_static\n\nCVE-2005-2337\nRuby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to\n2005-09-01 allows attackers to bypass safe level and taint flag\nprotections and execute disallowed code when Ruby processes a program\nthrough standard input (stdin).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ruby-lang.org/en/20051003.html\nhttp://www.vuxml.org/freebsd/1daea60a-4719-11da-b5c6-0004614cc33d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55744);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: ruby, ruby_static\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6\")>0 && revcomp(a:bver, b:\"1.6.8.2004.07.28_2\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8\")>0 && revcomp(a:bver, b:\"1.8.2_5\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby_static\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6\")>0 && revcomp(a:bver, b:\"1.6.8.2004.07.28_2\")<0) {\n txt += 'Package ruby_static version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8\")>0 && revcomp(a:bver, b:\"1.8.2_5\")<0) {\n txt += 'Package ruby_static version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "description": "The remote host is missing an update to ruby1.8\nannounced via advisory DSA 864-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": 
"OPENVAS:55615", "href": "http://plugins.openvas.org/nasl.php?oid=55615", "type": "openvas", "title": "Debian Security Advisory DSA 864-1 (ruby1.8)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_864_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 864-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby1.8\nannounced via advisory DSA 864-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20864-1\";\n\nif(description)\n{\n script_id(55615);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 864-1 (ruby1.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n 
report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-05.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55546", "href": "http://plugins.openvas.org/nasl.php?oid=55546", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200510-05 (ruby)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is vulnerable to a security bypass of the safe level mechanism.\";\ntag_solution = \"All Ruby users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=106996\nhttp://www.ruby-lang.org/en/20051003.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-05.\";\n\n \n\nif(description)\n{\n script_id(55546);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200510-05 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/ruby\", unaffected: make_list(\"ge 1.8.3\"), vulnerable: make_list(\"lt 1.8.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:25:52", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "**CentOS Errata and Security Advisory** CESA-2005:799\n\n\nRuby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. 
The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024300.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024303.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024309.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024310.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024315.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024322.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-mode\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-799.html", "edition": 4, "modified": "2005-10-12T10:33:40", "published": "2005-10-11T17:07:31", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/024300.html", "id": "CESA-2005:799", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:47", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "**CentOS Errata and Security Advisory** CESA-2005:799-01\n\n\nRuby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. 
The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/024320.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 4, "modified": "2005-10-12T00:30:52", "published": "2005-10-12T00:30:52", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/024320.html", "id": "CESA-2005:799-01", "title": "irb, ruby security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "Ruby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. 
The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.", "modified": "2018-03-14T19:27:02", "published": "2005-10-11T04:00:00", "id": "RHSA-2005:799", "href": "https://access.redhat.com/errata/RHSA-2005:799", "type": "redhat", "title": "(RHSA-2005:799) ruby security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T19:33:19", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "The object oriented scripting language Ruby supports safely executing \nuntrusted code with two mechanisms: safe level and taint flag on \nobjects. Dr. Yutaka Oiwa discovered a vulnerability that allows \nRuby methods to bypass these mechanisms. In systems which use this \nfeature, this could be exploited to execute Ruby code beyond the \nrestrictions specified in each safe level.", "edition": 5, "modified": "2005-10-10T00:00:00", "published": "2005-10-10T00:00:00", "id": "USN-195-1", "href": "https://ubuntu.com/security/notices/USN-195-1", "title": "Ruby vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T17:33:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2967", "CVE-2005-2337"], "description": "Ulf Harnhammar discovered a format string vulnerability in the CDDB \nmodule's cache file handling in the Xine library, which is \nused by packages such as xine-ui, totem-xine, and gxine.\n\nBy tricking a user into playing a particular audio CD which has a \nspecially-crafted CDDB entry, a remote attacker could exploit this \nvulnerability to execute arbitrary code with the privileges of the \nuser running the application. 
Since CDDB servers usually allow anybody \nto add and modify information, this exploit does not even require a \nparticular CDDB server to be selected.", "edition": 15, "modified": "2005-10-10T00:00:00", "published": "2005-10-10T00:00:00", "id": "USN-196-1", "href": "https://ubuntu.com/security/notices/USN-196-1", "title": "Xine library vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:43:20", "bulletinFamily": "info", "cvelist": ["CVE-2005-2337"], "description": "### Overview \n\nRuby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied.\n\n### Description \n\nRuby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: [taint flagging and safe levels](<http://www.rubycentral.com/book/taint.html>). Safe levels describe the mode of operation that is allowed on potentially tainted objects. A flaw in `eval.c` may result in Ruby failing to enforce the safe-level protections. This may result in arbitrary code being executed without the appropriate and intended security mechanisms applied. Specifically, if the program is passed through standard input (stdin), the safe level may be ignored and hence bypassed. \n \n--- \n \n### Impact \n\nAn attacker may be able to run arbitrary code without security checks being applied. An application may be designed in such a manner that this results in remote, unauthenticated arbitrary code execution. \n \n--- \n \n### Solution \n\n**Apply an update**\n\nRuby 1.8.3 is the stable release that addresses this issue. Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the [Ruby vulnerability note](<http://www.ruby-lang.org/en/20051003.html>) for the issue. 
\n \n--- \n \n### Vendor Information\n\n160012\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Red Hat, Inc. __ Affected\n\nUpdated: October 18, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nThis issue affected the Ruby packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updated Ruby packages to correct this issue are available at the \nURL below and by using the Red Hat Network 'up2date' tool. \n \n<http://rhn.redhat.com/errata/RHSA-2005-799.html>\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Ruby __ Affected\n\nUpdated: October 05, 2005 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nInformation on updates, fixes, and workarounds for this and other Ruby versions is contained in the [Ruby vulnerability note](<http://www.ruby-lang.org/en/20051003.html>) for the issue.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23160012 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.ruby-lang.org/en/20051003.html>\n * <http://secunia.com/advisories/16904/>\n * <http://jvn.jp/jp/JVN%2362914675/index.html>\n * <http://www.rubycentral.com/book/taint.html>\n\n### Acknowledgements\n\nThanks to the Ruby project for reporting this vulnerability, who in turn thank Dr. 
Yutaka Oiwa, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology for information on the issue.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-2337](<http://web.nvd.nist.gov/vuln/detail/CVE-2005-2337>) \n---|--- \n**Severity Metric:** | 2.57 \n**Date Public:** | 2005-09-23 \n**Date First Published:** | 2005-10-05 \n**Date Last Updated: ** | 2005-12-16 20:05 UTC \n**Document Revision: ** | 15 \n", "modified": "2005-12-16T20:05:00", "published": "2005-10-05T00:00:00", "id": "VU:160012", "href": "https://www.kb.cert.org/vuls/id/160012", "type": "cert", "title": "Ruby safe-level security model bypass", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "### Background\n\nRuby is an interpreted scripting language for quick and easy object-oriented programming. Ruby supports the safe execution of untrusted code using a safe level and taint flag mechanism. \n\n### Description\n\nDr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. \n\n### Impact\n\nAn attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.3\"", "edition": 1, "modified": "2005-10-06T00:00:00", "published": "2005-10-06T00:00:00", "id": "GLSA-200510-05", "href": "https://security.gentoo.org/glsa/200510-05", "type": "gentoo", "title": "Ruby: Security bypass vulnerability", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "jvn": [{"lastseen": "2019-05-29T17:21:35", "bulletinFamily": "info", "cvelist": ["CVE-2005-2337"], "description": "\n ## Description\n\n ## Impact\n\nAn attacker could possibly execute an arbitrary script. \n\n ## Solution\n\n ## Products Affected\n\n * Ruby 1.8.2 and earlier\n", "edition": 4, "modified": "2008-05-21T00:00:00", "published": "2005-09-21T00:00:00", "id": "JVN:62914675", "href": "http://jvn.jp/en/jp/JVN62914675/index.html", "title": "JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox", "type": "jvn", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:24:07", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 860-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 11th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ruby\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE ID : CAN-2005-2337\nCERT advisory : VU#160012\nDebian Bug : 332742\n\nYutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.dsc\n Size/MD5 checksum: 952 551966d3fda510ab6609efc34d6bd8c3\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5.diff.gz\n Size/MD5 checksum: 45214 d4c661766b9dc68b5d242b132aacbf71\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7.orig.tar.gz\n Size/MD5 checksum: 996835 a8859c679ee9acbfdf5056cdf26fcad3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/r/ruby/irb_1.6.7-3woody5_all.deb\n Size/MD5 checksum: 51388 bdec8679bf80535ec7a3bbd49c4ed6e1\n http://security.debian.org/pool/updates/main/r/ruby/ruby-elisp_1.6.7-3woody5_all.deb\n Size/MD5 checksum: 30438 b172a832ca173372ababd59babf102cc\n http://security.debian.org/pool/updates/main/r/ruby/ruby-examples_1.6.7-3woody5_all.deb\n Size/MD5 checksum: 38018 4bb23549b9b4981886f37d70aa028993\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 129594 5addf6eb42dde52eea7e0b7e0951be94\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 
checksum: 128700 16024eb4c9d88b3c1880a4f8bf792efc\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 130080 ac62e8e089060e2cd737840ad77ab271\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 134978 4e0df5a3e650ee59f755b3bf58c7d572\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 132018 aa03506125ab54056057d27a61af202e\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 128584 ed5002f3927814c0e08ab5f85d6ba9e5\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 644604 db64bd84fd323881f465a49d3179ff14\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 132470 802403def99ca35d674d808192cd146e\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 129070 6450e83dcf8c4ba3d794a04f1379b323\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 147602 d09ddb9cecb955a56fb7c42f4349b57f\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 161582 cd611b93c6e4220d0ffff99fb2556618\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 142760 3622426c392f9fca540ff1a44d5deed1\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_alpha.deb\n Size/MD5 checksum: 626082 e08e2e93602ac95abd45833a2eb92821\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 128584 43c7e57f3a4f5e594221d4bf4c7dfb7f\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 127460 
2eda8af9bb8b722d0e6bd1b50ad89f4d\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 128420 f01f4da2eb89ec6c6ffd50c461177ffc\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 134588 bf7ac7c6d01120e64bb4cb35aa9f3f5a\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 131328 216e67b0e333c046fadc659b6ff4c397\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 127470 b116cc920991c4188ec2226c39af1002\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 602774 b9ff70c418ddbf3b1b620301b4c36c56\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 130602 f2aaadd527b7daede43307e158f283dc\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 128296 18492115821c42676e3d8a78e5db009e\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 146828 535237cacf1940c3ebc7de247d113abc\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 161390 ab9a10b1778b37db459addc5de1e4566\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 142410 204b041fff5bd5bc6e1bd294ae2bc892\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_arm.deb\n Size/MD5 checksum: 572716 e026e5c3452b42d455a2eec4d165d79e\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 128068 08725c4eb2ed019492b0341dd0a5330d\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 127282 
32a6e3ef5466ce4731d36461eaa17972\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 128072 2755301286c11c942d990d4700df4d7f\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 132820 16f1188a52b0066c782aac16d0066b2c\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 131126 98f642c1695aa85660e01b85da94221b\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 127234 425551af222de3aafefa24abbac7562b\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 561442 6711cd3d3dfa633741763af9a937aa23\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 130096 522ad7b8d2d01afc5967df01590945e8\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 127540 17b99f9bb7656a84da6291d98de82d99\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 146466 718cc8a23c00a6c17551e8cc32a635e3\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 161430 86da7a51ab1d8670d0ba975b63a17599\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 142466 4c09dee6dca063b3a3129fba9ec5e2ff\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_i386.deb\n Size/MD5 checksum: 492656 870934b923271ea29f4dcd6d301a7230\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 133220 e79b7c824bf1b4d35fd32fe9f7fa792b\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 132740 
c4542e3a1b6e042f44b18c1aa1acc1f8\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 134746 0caff55bf479b72a3955225f8a0554b7\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 139956 845ddc646096f8b83c2b7a17349eadb5\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 134108 c2c54195aa3afde5240bb700495e431f\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 131684 0d2bce7ea27bb42c04c5e57c9d427eba\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 854376 f9bbc7a3e2c24e5feea248d83a33cf45\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 140440 65338e07df3a04450a3ce77b56e349e6\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 130830 2f798f1dd5d1bab5430e053886f16f1a\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 150428 f9a529ac7f458e2a8b955cf045ede5ef\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 162432 f0faff2a31be069bc3725d91e3dfcf5e\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 143282 84ccf19fff6e067abacdeee5b53cfd62\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_ia64.deb\n Size/MD5 checksum: 755134 39d4e135ed7d41d7cf36c02fc65e40d8\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 130620 18824711592d38afb46c3bbe88b7000d\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 129342 
b7604fa4086a3a2c087d22fce52d6926\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 130844 df54e9181c4cdb66b1eb3004757ed615\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 136100 66fa8cd3f735d490ac744ee8c8e065cc\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 132326 d7041eef1502d1f03800f36bf07c5d31\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 128682 153364a5308c6297d8ab052f58aede17\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 686092 c8c31e0dfd459134f4483c25ecb1605e\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 133000 e835d5bea37629a7c030f41f7727bd30\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 129138 fa5bd080276b3420e65e18dbf28b58db\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 148062 5438497f33bf13a89763ffcfad7e8307\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 161918 6a134229fe5bd8805a7eb1fb9f70fb7b\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 142682 ad86a668a0fdce652f82ecbc860642d4\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_hppa.deb\n Size/MD5 checksum: 667184 75525766980d720ef9466dc5084f0aad\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 128462 8b53b52b9d172ec8a4c2ca273ad2e50c\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 127274 
22ea934d90e831ecb7301f770e4d4e4c\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 128422 b481bb5dbf7d8a93d564bf8ce2d3c8c9\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 132854 0762b8fd6b1a854cc8f8019cea72a4be\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 131388 17cbfe8113ded65e73296458b6c55e43\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 127460 b57b7ce7916bd449155859a12d5f36e3\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 561566 20c1f429ce0801de8fbccc42af9070fe\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 129810 a2a33ad6f2e99e2b02bf2a54bab0e639\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 128268 063cfc2ede7a7ddd2c468af73c241a84\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 146694 2a19f465b91bb3437c8af442c59e6421\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 161466 649623cc5642cd95376dbd79c0f07526\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 142414 c232d7bb1658e342ee111eacb36174bc\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_m68k.deb\n Size/MD5 checksum: 470866 59c178ae18b0b24f68ac9604251e3002\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 128320 aefd47e6723cc63ff4fbf7362c149c8f\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 126996 
a7cf134385bb6b9f4c7816efce108b75\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 128158 8e41685e563713c121ccbc4bf402d9db\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 133776 f58298154540c36c03034ec05fa47197\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 131022 981dbeab5f95af5fbd03701d33dc78f9\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 127268 00fb08327c8ec736425ac8bbb8a59602\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 581962 ae286a7d6af2b63c32e5c83221e037a3\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 130500 61ed7a947ed21291986c550e582e7893\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 127880 df2365ad710056bf5adf583599553769\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 146632 f14e29848521e87c99eb831fa38aeaea\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 161494 91f17ebfc8f2312ccd8de4b48f044fc5\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 142794 6158778b805819770ae450c7be6cc636\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mips.deb\n Size/MD5 checksum: 587476 56e3a663bed556c62245f44fb842a260\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 128270 51cdcfce40d81d6638dc5911a53af74f\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 127010 
0a920aa47f080a9b7a013d9be6c4893d\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 128170 6754cef3b431913af6beadc9d6b5c992\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 133782 c12e182534e982c17748052456d2c63b\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 130994 30c478fdee5b2b816f5cde1de1c9ce9a\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 127204 e3d3b6570b9e466cb00422894b89f272\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 581506 b440b99e2f4e22def3fb16acb53c2789\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 130492 61b91e3644804b7930ef242bd7eaec00\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 127860 b79131a39645af7ff39d28a46caf2281\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 146560 9217697a7f9d61e8fa7afde70b05cb46\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 161480 e2fd66dc33a7fef5774c0e9e206439b1\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 142794 24f322a483564685309ec237564cb6d5\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_mipsel.deb\n Size/MD5 checksum: 578040 a3e73feefcefc2ba5a395d22988465ed\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 128440 4aab33c5e3b67bb9587157ee92d54b59\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 
127652 43cea2b0744fb18d534a198ab378e56b\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 128736 be8c8a5e89f4869b0cfb7fe2f459c0e0\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 134484 41b2c0ac000cf39c6939044be278c901\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 131380 9a9768cbd57fea5ffd213b5e3704477b\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 127538 fd92851b186db9671b9f7ca5ae45becf\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 607244 d8708b9ace56768e8d0f04fdaa73383d\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 130610 ca66d341fa806e4134f28651d268a303\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 128350 a15ae783638e26b5a8e304e1e5604ab5\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 147064 91ca064abd335e40f9f4e78938031a06\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 161490 0789a5a2db577b8a5e4f382ee021df5d\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 142502 2985b64774c866d8ea9d696caec05d2d\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_powerpc.deb\n Size/MD5 checksum: 529288 f1524421a9e6dc8e6923f75bfc8f7db5\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 128658 5e577aab56fda2c047e3dba9339c68e0\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_s390.deb\n 
Size/MD5 checksum: 127854 4339a54fcc69ea122b828823780f9898\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 128914 81334959c6f199176b33f21dd7e78554\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 133690 9dc2189e5874e459739a644add67adc6\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 131850 8579274c8888e4a1d6fba0dd19118242\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 127940 087559fad36518eeb6fd44a01ed912c4\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 600770 3eeca259d6d6e5daf060048ae1c8c519\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 130864 d2a839f6b33c2e7020218fd23ac7f6a1\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 127924 72df0f116934d714d32def89277a970a\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 147222 e6778fca82f71b5d43fb03d4cbb03fe9\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 161560 668c35f9c33acdd9f3a994a0bc927d1a\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 142670 ae3246594cfa2e3285bcd636f984386f\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_s390.deb\n Size/MD5 checksum: 532308 445a8016212e5b787625097127b4a1a4\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby/libcurses-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 128412 87c7feb58f11785c1af6f9a51d987a2f\n http://security.debian.org/pool/updates/main/r/ruby/libdbm-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 
checksum: 127468 c34d8ed252a8d1ef5051a17e3fbd743e\n http://security.debian.org/pool/updates/main/r/ruby/libgdbm-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 128918 b24361084a9998be8f7fb84393221c19\n http://security.debian.org/pool/updates/main/r/ruby/libnkf-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 134320 9015a2988d0f5305d996f5fb387f2bc4\n http://security.debian.org/pool/updates/main/r/ruby/libpty-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 131362 8272893400574f4f0934f2b04072ce09\n http://security.debian.org/pool/updates/main/r/ruby/libreadline-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 127438 0b36fe5c0f86ba2334cc91013f366688\n http://security.debian.org/pool/updates/main/r/ruby/libruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 603136 07188840adfada3ac0af455668f7a908\n http://security.debian.org/pool/updates/main/r/ruby/libsdbm-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 130212 8d41c72d9695b44afe1e67369fd1ce46\n http://security.debian.org/pool/updates/main/r/ruby/libsyslog-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 128284 3be2192cc38ab41907c7a2331069b286\n http://security.debian.org/pool/updates/main/r/ruby/libtcltk-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 146774 3f65f580c669efb932f31411b58c4c4c\n http://security.debian.org/pool/updates/main/r/ruby/libtk-ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 161528 76ca94791c147efc9a7beb85c526cfdf\n http://security.debian.org/pool/updates/main/r/ruby/ruby_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 142452 a606854f0cf791b868b2821d4bed54f2\n http://security.debian.org/pool/updates/main/r/ruby/ruby-dev_1.6.7-3woody5_sparc.deb\n Size/MD5 checksum: 561276 e1e23af9f2a36746bdcdf5f8e24769b6\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: 
ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 9, "modified": "2005-10-10T00:00:00", "published": "2005-10-10T00:00:00", "id": "DEBIAN:DSA-860-1:9E4F5", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00254.html", "title": "[SECURITY] [DSA 860-1] New Ruby packages fix safety bypass", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:21:21", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 864-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 13th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ruby1.8\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE ID : CAN-2005-2337\nCERT advisory : VU#160012\nDebian Bug : 332742\n\nYutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.dsc\n Size/MD5 checksum: 1024 02c4885bf1d3d6272be11978e8d9418d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2.diff.gz\n Size/MD5 checksum: 531380 ce444a411b23c9d971653956b2225448\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz\n Size/MD5 checksum: 3623780 4bc5254bec262d18cf1ceef03aae8bdf\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge2_all.deb\n Size/MD5 checksum: 166200 950967e1aebed573ce5dc7dfb3aa92c5\n http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge2_all.deb\n Size/MD5 checksum: 234134 c88180c3fa145702ee4b06d2249a807d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge2_all.deb\n Size/MD5 checksum: 704562 2d2569f0b3ff912984e9420bd2b7c973\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge2_all.deb\n Size/MD5 checksum: 142306 4ecdb2f1dba4d8bb7b900b618eecb767\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge2_all.deb\n 
Size/MD5 checksum: 216314 246b7704cea26b42539e57c6398e3a0c\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 135712 e0195f6fdd8d8fd69014682b57baada8\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 137264 937ffdaae7b454b8125baa73059d8c35\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 237336 a612c26a6b1bf421b22cd001858740e1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 133182 fbf454b5428a59fee911aada58a924eb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 1468302 386db9fc15b60d25dd34552e24e3c50d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 826734 b821379165dd8cdeec62c679ef577589\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 1449910 be28287997258e39caccd9badbdfd95c\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 151744 afb890dc2b87799d2460dc8b2bbfb96b\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_alpha.deb\n Size/MD5 checksum: 795230 4d27009b3cb959baedd807e65821f824\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 135068 0609f0501dec9b3b9f4d19bd308af45c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 136550 1f876514bb9cd3d6192b4f9eda1f48a1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 233800 
745f578b197d85af57dc165f710cd0a2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 132396 74635cf281b1f404c0520794f9da880f\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 1392074 bfd324fb43c1f2ebfcf7ed8d8673cbcd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 780174 085f001489367e205362a7043bcbebdd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 1446526 f334b10112d05e862370d691d0a365d8\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 151404 cebe1b6d7ba283e369ddd03945384537\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_amd64.deb\n Size/MD5 checksum: 648656 9d20209d15264b47f4ce654be0a47bb1\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 134114 fa9211a4e8304655a753993adbf20912\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 135222 286133802cc9ba542ece606eae42c5ea\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 222152 e8ea65dc3ca8ce1cd01850f07885d507\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 131500 7ec64be742a6629bffa489e69b0a8c23\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 1348038 af53111ae865a0eca2f0349e2608e2fc\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 743418 727f40cb8768e64989b84b4b3b5f647d\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 1440846 8f693fa58826b96ce0074eb1a78b9a31\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 151244 beb813b6236b405c7496051581493838\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_arm.deb\n Size/MD5 checksum: 659752 e4877ae85dbce5d6cded5553085b2108\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 134666 fd4689a103dcec74f07ef1409ad5096c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 135912 6c161489efd29807f71152870fda6242\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 224632 f7c2f927c8a9894c19250dbce94af541\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 131662 a493cb06911381c7f512f11d33e659c6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 1349200 6bb9adddc422b7f433516a7fa1edb737\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 757702 b27bc494dcbf9043645ea471f6b56135\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 1439766 99077386fc533b577c7caff5788065a0\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 151256 a279b83da66c1b526a6ad69b887ce4eb\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_i386.deb\n Size/MD5 checksum: 621964 db987b32db00808ea5597196eb488828\n\n Intel IA-64 architecture:\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 138330 aaeb7943f7c095a6f1dec2692ab2c1ad\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 140154 8b0c62eebd9e0f467113d04874330832\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 265406 1b24c64e5771209f96e769ca8bfe56f4\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 135534 d55c51c13c612ef185b3c57681a245c5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 1703448 4d184281f1f59426b9bdea84afe70267\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 997842 66576d718b46cd0b128807b67f987fe1\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 1462706 5a2fcbfe348590bdb12801378c330587\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 152160 060844ff66807aa635d4c498e64d76e1\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_ia64.deb\n Size/MD5 checksum: 867056 fd92260fbba9381725d41399a2df94ec\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 136278 38e3ec76e1ab906443cf6fec69dc0e05\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 137940 6fc19a4ccdcf112b12e1c9accb66ab8c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 246626 8295811621cf2a9d70e7e23cbdcbae85\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 133462 a5d6a0a89122f820aec8abd77185fa5a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 1500658 17492c24e92970dc0aa9cb5e4aca4c9a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 839388 e54b0657edcddf4a6ce8227c7fa31612\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 1453434 be279ff8d716abe7bd603cf0c1d6d2e0\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 151812 9b4c3047a843aa5958c96dc31a6ca033\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_hppa.deb\n Size/MD5 checksum: 735402 a873a095e04b47c39f12cf200b7ec146\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 134148 77e347fef526b6d7c91af179c04c8c0d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 135542 3e87769580c19d394630fe5a4b72566c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 230520 3afcc5c8b461a80207c6cc02fb50fccd\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 131838 b38660f2ca7420e371a7f7d876e6e950\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 1332586 96b2e8e4d3b0b86153110c7c81907194\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 729728 3ed2ad31db64434c6ddfc7dc06e6ad23\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 1439160 b45b47d802584b54dfad1c6bd8b886d3\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 151196 54f4736454fcb961a617b9662c89c932\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_m68k.deb\n Size/MD5 checksum: 552676 ebc099ac3da1a205131a7cd98abf8c4e\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 133922 5574b80e82c88ba25d711c102a50f95d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 135298 5372b46d24125108b393e2cc24222cf5\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 215232 1afd304916248bd18edfa5f55d7a3cd3\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 131400 817e2f45f9e272be8a3b993eca4a7985\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 1355746 8a6f98d621f55e78dc84f7061c2b358c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 763368 2852fbb514587ab0abb3ebc2ad415df7\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 1435716 29878f0fc435dc1c33010220cc837d37\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 151958 dc0fd07a7d9e9ccadeef95bde0351817\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mips.deb\n Size/MD5 checksum: 683474 ac97f82253f46913151efd5c3099c551\n\n Little endian MIPS architecture:\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 133944 f12935c8449caa200cbb7b735de6ada6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 135310 8011dc5dce4768864419996c3f6d9a48\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 214456 c5778a3a1a07a8cd80b9ab077cde5074\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 131344 1b0e29645c8a3f9077910c96b48a1359\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 1357228 df7e72e3b3cf00080b0c69c2e2001887\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 756232 8fef45d81f7764d2d427dd5bac4dba0a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 1435972 155c5044db95709e01c01659ef93a135\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 151934 5e865f509796fe53b0d2a1b5a5c9c72d\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_mipsel.deb\n Size/MD5 checksum: 677334 8dec776253eb64b42035a7a7589bb970\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 136508 eb8794cafa6e7a9d5e31ffce9fdf2694\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 137652 a22f7061882f801c20c4907d61d9cd62\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 224840 3b55b937e39bf8c5dafbaebf05f32b9c\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 133562 bb942bdf0d032ecd717704e47ccc1cd2\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 1405880 896f47ccbc5e50dd6a78cba52a59c6b6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 969794 1e912d075c159fbeb6411d1d72e880df\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 1444114 94110d9d029066fd53add4a26a98cff4\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 153102 09c2d4538d43322dad1d5470e772cecb\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_powerpc.deb\n Size/MD5 checksum: 620568 ecfe1728330b3da2c6d0f6f8a6e7e16f\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 135552 4f867891b8b39115f577b783155781eb\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 136898 3ec59c86a92fc1701aea5bc1c7f0de67\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 239628 e5cf477060d233cbd8fd7d9e830a6e95\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 132888 7c4f2d122a8f104f6da6fee3251662f3\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 1430880 8fffb3c762493b245e1e446c4e5c9425\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 907026 feb133e3bb6acd170fb4b9202f0f0b39\n 
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 1447002 3f8391fea58a78e222224d8214758af6\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 151486 fea474393cc04d3de74061bf04f537cd\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_s390.deb\n Size/MD5 checksum: 674232 83aed4af46b6f3bb1b1f0dbabb4e58c5\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 134400 9eed1234d06c62465aab5ae4e65eed8a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 135594 4ed728b82c57df8e6e0b9e59148379b6\n http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 228836 99ead3d7d81c4829545e076dc8d6350d\n http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 131752 ee4391927a34eefdeea3d8221f65380c\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 1372598 f1d3a7ee86e225463216ce941ce2e53b\n http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 747546 125894cb5762503df22983895697ad5a\n http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 1441758 d1a84594180334347f17fd7bff0dad3b\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 151248 dca393d8688579270f35d31fc731b8cc\n http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge2_sparc.deb\n Size/MD5 checksum: 646070 f5375c053ef3cf8f517581ece10a1e86\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- 
---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2005-10-13T00:00:00", "published": "2005-10-13T00:00:00", "id": "DEBIAN:DSA-864-1:F6347", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00258.html", "title": "[SECURITY] [DSA 864-1] New Ruby 1.8 packages fix safety bypass", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:11:29", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 862-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nOctober 11th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : ruby1.8\nVulnerability : programming error\nProblem type : local\nDebian-specific: no\nCVE ID : CAN-2005-2337\nCERT advisory : VU#160012\nDebian Bug : 332742\n\nYutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1.dsc\n Size/MD5 checksum: 995 e613b3e49e65dd6001cf69b2d1dcd02a\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1.diff.gz\n Size/MD5 checksum: 77597 1501c9f27a55bc85d7acef46fe4c4cc6\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz\n Size/MD5 checksum: 1022364 aa1e272added83a5206c565d62c9c8ed\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge1_all.deb\n Size/MD5 checksum: 174586 2a9851bd0af6614dda24588455074ff1\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge1_all.deb\n Size/MD5 checksum: 152398 d695298a1a0a68502be9447e6bec21fd\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge1_all.deb\n Size/MD5 checksum: 160090 36f37b50ac679829dd40a15c0dbc473a\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 146272 830999406560e426388906bed6fc32f0\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 144768 8cc291975b2028ffa664014e457aef51\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 146272 ed776465141513435c7acd651a515771\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 148336 1b77918342617fd5d4e0dedc925947b7\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 144624 679c1efd1d5f72340204c5138c47a394\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 687886 f4ed9f39d03136054e133003d181811b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 726048 6872073af42d36e7c55cfe89ff80294d\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 148838 a07c2f788d657792689d26a7eb7a0767\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 144750 c425a6f852f34a4ae36b9909abc39fe8\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 165262 3299987425ccde3d8c7d63e4c68a9419\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 178364 cdb82c24909c956502e7a164b8a5cfbf\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 159012 64269aef2e9ef5e41c6d4a685d698ef1\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_alpha.deb\n Size/MD5 checksum: 699520 cc9b4b545800d24736c0aa61eae7b7ed\n\n AMD64 architecture:\n\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 145214 62f6775a96a52c992009e7ae78870857\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 144048 bc43d68ce732701e49e5f718ed3a1250\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 145600 4c1e65809496c716c402e8e36df61ff2\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 147742 2b4938f3482593cee9e2f2237771b085\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 144008 7f87c6d385866e425225ab2111922222\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 641870 fc06992c575a42ab7bec4c451e399b2b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 687588 12aa68b51a965709d07b66b2ae468fe7\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 147486 849ab6e15f230955b3fe2811c4c5bbbe\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 144274 9e9e5e282235b023663377a922c12e8c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 164534 6ffe869fe587eeb8af0afa85e59ba04c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 178106 1c99808fc26ee57524b325f23bc954b7\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_amd64.deb\n Size/MD5 checksum: 158718 04e41efde4ff5bc65e318a329bc58a0e\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_amd64.deb\n 
Size/MD5 checksum: 576640 8ecc9bc9d98f5cc6252669cb4226a8d2\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 144204 f1645645feb3afbdb4d2b05414338246\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 143178 d0f47d2993103dd0374f122bc9581acc\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 144118 0d292e323905542ace2fcff80ce7a96b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 147034 9c4e1e6234c99aaf9a5c6a7567cf0eaf\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 143214 2f9a1d7392f4404caec61be544212b58\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 616070 46cce24fb6f8517b44b5116f9fca82d8\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 657706 ad063f27e515e00fa054dae13afe3b0b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 146276 3c13f593a6b9105b37725133cc404f37\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 143842 92d5e50b479aafc91b1dbcaf9cc84630\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 163706 681543bf91f9e6cb3429f124946f81d0\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 178038 9ae24accb6bee6ce912f300cf220d465\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 158484 23481ba5c2c3fc25f08826dd44e3b3df\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_arm.deb\n Size/MD5 checksum: 581472 f33a2034bb5834b388ff7a34b2eba076\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 144606 1c7f814e73111b9c7e278c646a493c9e\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 143786 4422413479fb4ec1ff2a1ce539f6fa9a\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 144840 9d920a52efe0ed2d9fff9f2e7e9e31d3\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 147172 b0fa56144fca3904cf94367256aa2958\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 143386 97620abbd856d284be4e11ccd70cfc30\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 616208 43df4e31f759d0693580601a419d46e8\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 669234 c53d3fd003fbe35bf5003b896905735b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 146982 9588d68679bc1436f1030275e63e66f1\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 143706 8d19c9b3e2c07eaf00fdafbd8966bf0c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 163964 5b4c2033f0f48bc922e90438c77785c5\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 178024 5fa725579a6d816aac3e4dd54fe5414d\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 158492 25bcbc16181918c7f3b20d90eeb8c61c\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_i386.deb\n Size/MD5 checksum: 551580 d0fcca5bc2ff091a57fb8b2e2a89e6a7\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 148064 b14fa6d594e3c9f415075886c59efc91\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 146936 31e49c117bf65ddc43589d5bbd513c0a\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 148966 990625da55b6e7209685a0f89e76f9ef\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 150416 d7108c6c559af7a6291619d1f732174c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 146798 c3f6984e76608a9b977e5836319ea0c1\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 820242 4ddff67147676d5cbc830b230c5b4402\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 874392 06b2241fbd41959490366790ff331313\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 153986 c5e2caa2d199e15525ebd5bb23a4c37b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 146256 70af049f3475c7a90743b265945202cf\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 167436 eeec3779c043bc4b4d7bffd0ae6d4b6c\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 179064 b344581902e348080d335305164b70ff\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 159436 b4ed63ae8c85d96e7fb4b44f8d21a68d\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_ia64.deb\n Size/MD5 checksum: 761782 389aeb10ae44b9d25f40de130e2982de\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 146312 3e20478abb95835da131825bc2988b73\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 145254 4150ecda48bb95ec672a0acc8ed49d6d\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 146752 7a88dd5c944d6b70a62771b756a52fea\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 148694 150a7aec78e0db67e91833bf8279ecfb\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 144862 a611079fc01763bd37a58d8aab20ba37\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 702356 28fc0e042bb8f2bc2069411ac0ba0f54\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 740460 a503abdabdfcf61969491ca7547e6b0e\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 148658 55fc1849954f9cb974bbac9869e0077a\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 145380 1bc8d041dc148f66847854cb6793a399\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 166084 e6eac2b99b584abe67612fedea626d42\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 178814 c5206bc7bbf8e308d365a05dc5a9c992\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 159076 31e740218b0084a74b8260e8dbf60f6f\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_hppa.deb\n Size/MD5 checksum: 650322 fcee80e774dfe9de2b278b2b8ffb2adc\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 144534 caffa585178c88b5fcf8fc214cb8308b\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 143220 8e44dafd97bcf0a0f8afe93c0b01de27\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 144432 6b714c1ab2f0fa4071edb9deb465fe57\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 147360 ee206d81469da1c6f7736ac51845ba5f\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 143474 bcee1f58c2ca9057c2a411a0740e0573\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 602716 24d9bd038d628c1db384bfb7aa4cd773\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 647806 971b47d4fae8ccb0f53f7e829ba0544f\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 145680 3f5aad29b03a85dca9a4f72dbd44a5c6\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 144260 4dcb803b3ec95fef747d89ae4fae94fa\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 163888 751e9a821575b3c77232c3d35911f7af\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 178018 28fbfbe7376779ca8386891f930d6765\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 158428 3ec10442a3d8f8f28953f8e6924971d7\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_m68k.deb\n Size/MD5 checksum: 493178 a6d69685e82ebc824817822d88698cc9\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 144242 4f8ed87a6e2976008b08b7eabfff755f\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 143152 cfc383910f43654f09b8ee6eeb2489ee\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 144340 2dbf9353884f300828f575fb21de190d\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 147512 64c25b9a7e0c67d49b7790e6f171bdb4\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 143394 6ccdd3e605ea67f5e034033515c36225\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 626520 7c8b4354f567869f1372d7244fa38fcf\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 675786 796fca31a249c630afb9f062c07872fb\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 146698 70318712fdf70fd552440737766988f0\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 143686 8f47673723d2442b4d4f31949f2b5c82\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 163360 d7ac01193e37eb475ceb73d5497986e7\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 178126 b1bd10d219f1865d50a416477425f835\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 159248 4e285dbfb07335958986f5c2d89707df\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_mips.deb\n Size/MD5 checksum: 603820 d7fac4c7a792ee77f63215e9ba964348\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 144214 671e6ee5dadd9d1f17c8cadacc4a3fa0\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 143134 37278795594c78aa9d0149a75d0f2f07\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 144336 ab0fc506cd0e48174f03c103d82cc17c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 147442 034fca9d3ec1edcc7ea392b5a5f7b1dc\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 143336 f7f8a1c7939e76caa21b5a459711e588\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 626868 a07abe6c151ee0d6cbe68243ed67c772\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 669678 22fd298c6e8f937240f08a1267734853\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 146724 dc9f2c30aba80e93eed5c28f9c457b48\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 143676 687d27e46d90ba1f6230f9449b831f64\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 163300 5d04b6ad98189d3d33eda25e845d8983\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 178114 178a5a76059b4283296fdf3506fbd411\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 159234 ebd830bd191a2b57b303cd4386820fbe\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_mipsel.deb\n Size/MD5 checksum: 597128 53bccd3908f546a3f7a0dee384a86160\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 146082 29d498883a7e119aaa7e2f4686a8a150\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 145600 2d7e763c8df7c32a43eea2d0b340d271\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 146624 53b861a0d56ca164448c7f54eedcc997\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 149280 e943df99c3446492674e72d9115b02a6\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 145264 903c6ab6388f3c8b789bdbb0c79c3cc1\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 650948 e0d59d1d6b367785e46b421de716a6ce\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 857840 0386239944c697c4795374c92b79b3ca\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 148638 446de38974e1ae8975b3690726b3cc46\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 145856 29bfa85722e178918c0af0736150a589\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 165454 4517c79531d330a4ca5017378e7e7d55\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 180046 14656cefb29bdc971d2868f16f91b296\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 160406 028694ae18a64e504b48882441118dec\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_powerpc.deb\n Size/MD5 checksum: 554456 e6a2e7b958723c6db21d61aaadf4f57c\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 145594 6e4dd004f179021b0abc04becce5cb42\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 144478 450e600c71e9b02b230e9fd4b9cf1bd4\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 145884 e6366a34175091fa0a784639a82b24dc\n http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 148244 681cbb886fb1de22c0f62f716204e036\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 144452 185f29d21fec0491749ff76834bfe4a2\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 665724 910c194a43c021d7ea4225f880efe925\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 794702 b431c1c0c10697aa06a9e2635d86489d\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 147978 3a6393d860d3bc3a83ba123a5e4d1646\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 144456 295ef46485f7192c12800cd576fa2f1c\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 165022 131a76337cfc3b10bcef1154ace8db87\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 178322 066bc3fdc9add59974a853c742958898\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 158748 e4d4fefe7665e96d5c1cfc981a58ddb7\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_s390.deb\n Size/MD5 checksum: 596304 f942722704b9a8f90228d03755b2cc9e\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 144338 5332edabace9de394a21fb16dd68fc00\n http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 143362 03b589c0a518b0f44e16cbe4361028f4\n http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 144576 acc39c3ba4b4bd2497732a3862ca957f\n 
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 147296 5a8c72ddd29daa72ff4c41d145b47e0a\n http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 143426 eefa9293af5d7bc1a48230d7f99ad214\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 632062 4870dbbbc0eee377fd47e103eb709fd1\n http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 662146 3a3b701fc2ab97a5d8f3ce2163a85e38\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 146136 1c917b26ddca3363bb0dace0a88b118f\n http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 144176 08d3ccecd5906ccb786d1f4cc357c876\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 164110 4ad811d916642b4c163fb15cb47553e3\n http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 178084 03ee561cda0e95ffc8aeae1273d3ce91\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 158504 ad024bd45125b917ad22eba95404d0a5\n http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge1_sparc.deb\n Size/MD5 checksum: 573712 4da39b6b64fbcd25256fd5d7e1ca1fe2\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' 
and http://packages.debian.org/<pkg>\n\n", "edition": 7, "modified": "2005-10-11T00:00:00", "published": "2005-10-11T00:00:00", "id": "DEBIAN:DSA-862-1:07C4F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00256.html", "title": "[SECURITY] [DSA 862-1] New Ruby 1.6 packages fix safety bypass", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:03:36", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1", "edition": 24, "published": "2005-10-19T00:00:00", "title": "Debian DSA-864-1 : ruby1.8 - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-19T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby1.8", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-864.NASL", "href": "https://www.tenable.com/plugins/nessus/20019", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-864. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20019);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"864\");\n\n script_name(english:\"Debian DSA-864-1 : ruby1.8 - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/13\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"irb1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libopenssl-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.8-dbg\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"rdoc1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ri1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-dev\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-elisp\", 
reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-examples\", reference:\"1.8.2-7sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:36", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n package | old stable (woody) | stable (sarge) | unstable (sid)\n ruby | 1.6.7-3woody5 | n/a | n/a\n ruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13\n ruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1", "edition": 25, "published": "2005-10-11T00:00:00", "title": "Debian DSA-860-1 : ruby - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-11T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:ruby"], "id": "DEBIAN_DSA-860.NASL", "href": "https://www.tenable.com/plugins/nessus/19968", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-860. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19968);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"860\");\n\n script_name(english:\"Debian DSA-860-1 : ruby - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-860\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"irb\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcurses-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libnkf-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpty-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libreadline-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsyslog-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtcltk-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtk-ruby\", 
reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-dev\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-elisp\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-examples\", reference:\"1.6.7-3woody5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T09:24:53", "description": "Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.", "edition": 26, "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : ruby (CESA-2005:799)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2006-07-03T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-libs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:ruby-mode", "p-cpe:/a:centos:centos:ruby-docs", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:irb", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-799.NASL", "href": "https://www.tenable.com/plugins/nessus/21860", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:799 and \n# CentOS Errata and Security Advisory 2005:799 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21860);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"RHSA\", value:\"2005:799\");\n\n script_name(english:\"CentOS 3 / 4 : ruby (CESA-2005:799)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response 
Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012262.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b274d333\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd14acab\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012271.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2bf89c5c\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ed60c4d8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x / 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-devel-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-docs-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-libs-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-mode-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-tcltk-1.6.8-9.EL3.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-devel-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-docs-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-libs-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-mode-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-tcltk-1.8.1-7.EL4.2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / 
ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:05:32", "description": "Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.", "edition": 27, "published": "2005-10-19T00:00:00", "title": "RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-19T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:irb", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-mode", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2005-799.NASL", "href": "https://www.tenable.com/plugins/nessus/20049", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:799. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20049);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"RHSA\", value:\"2005:799\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-2337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:799\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:799\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"irb-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-devel-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-docs-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-libs-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-tcltk-1.6.4-2.AS21.2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-devel-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-docs-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-libs-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-mode-1.6.8-9.EL3.4\")) flag++;\n if 
(rpm_check(release:\"RHEL3\", reference:\"ruby-tcltk-1.6.8-9.EL3.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"irb-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-devel-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-docs-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-libs-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-mode-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-tcltk-1.8.1-7.EL4.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:51:59", "description": "The remote host is affected by the vulnerability described in GLSA-200510-05\n(Ruby: Security bypass vulnerability)\n\n Dr. 
Yutaka Oiwa discovered that Ruby fails to properly enforce\n safe level protections.\n \nImpact :\n\n An attacker could exploit this vulnerability to execute arbitrary\n code beyond the restrictions specified in each safe level.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2005-10-11T00:00:00", "title": "GLSA-200510-05 : Ruby: Security bypass vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ruby"], "id": "GENTOO_GLSA-200510-05.NASL", "href": "https://www.tenable.com/plugins/nessus/19975", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19975);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"GLSA\", value:\"200510-05\");\n\n script_name(english:\"GLSA-200510-05 : Ruby: Security bypass vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-05\n(Ruby: Security bypass vulnerability)\n\n Dr. 
Yutaka Oiwa discovered that Ruby fails to properly enforce\n safe level protections.\n \nImpact :\n\n An attacker could exploit this vulnerability to execute arbitrary\n code beyond the restrictions specified in each safe level.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/20051003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/ruby\", unaffected:make_list(\"ge 1.8.3\"), vulnerable:make_list(\"lt 1.8.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:40:17", "description": "Ruby home page reports :\n\nThe Object Oriented Scripting Language Ruby supports safely executing\nan untrusted code with two mechanisms : safe level and taint flag on\nobjects.\n\nA vulnerability has been found that allows bypassing these mechanisms.\n\nBy using the vulnerability, arbitrary code can be executed beyond the\nrestrictions specified in each safe level. 
Therefore, Ruby has to be\nupdated on all systems that use safe level to execute untrusted code.", "edition": 24, "published": "2006-05-13T00:00:00", "title": "FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2006-05-13T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby_static", "p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_1DAEA60A471911DAB5C60004614CC33D.NASL", "href": "https://www.tenable.com/plugins/nessus/21394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21394);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2337\");\n\n script_name(english:\"FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby home page reports :\n\nThe Object Oriented Scripting Language Ruby supports safely executing\nan untrusted code with two mechanisms : safe level and taint flag on\nobjects.\n\nA vulnerability has been found that allows bypassing these mechanisms.\n\nBy using the vulnerability, arbitrary code can be executed beyond the\nrestrictions specified in each safe level. 
Therefore, Ruby has to be\nupdated on all systems that use safe level to execute untrusted code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/20051003.html\"\n );\n # https://vuxml.freebsd.org/freebsd/1daea60a-4719-11da-b5c6-0004614cc33d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a01709f7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby_static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>1.6.*<1.6.8.2004.07.28_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>1.8.*<1.8.2_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby_static>1.6.*<1.6.8.2004.07.28_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby_static>1.8.*<1.8.2_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:36", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1", "edition": 24, "published": "2005-10-11T00:00:00", "title": "Debian DSA-862-1 : ruby1.6 - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby1.8", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-862.NASL", "href": "https://www.tenable.com/plugins/nessus/19970", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-862. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19970);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"862\");\n\n script_name(english:\"Debian DSA-862-1 : ruby1.6 - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. 
The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-862\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"irb1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcurses-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", 
prefix:\"libdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpty-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libreadline-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.6-dbg\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libsdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libsyslog-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtcltk-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtk-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-dev\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-elisp\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-examples\", reference:\"1.6.8-12sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:25:42", "description": "The object oriented scripting language Ruby supports safely executing\nuntrusted code with two mechanisms: safe level and taint flag on\nobjects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby\nmethods to bypass these mechanisms. 
In systems which use this feature,\nthis could be exploited to execute Ruby code beyond the restrictions\nspecified in each safe level.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libyaml-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libiconv-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libpty-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev", "p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libtk-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libstrscan-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:rdoc1.8", "p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples", "p-cpe:/a:canonical:ubuntu_linux:libzlib-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsoap-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:libtest-unit-ruby1.8", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libracc-runtime-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:irb1.8", "p-cpe:/a:canonical:ubuntu_linux:ri1.8", "p-cpe:/a:canonical:ubuntu_linux:libcurses-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp", "p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:liberb-ruby1.8", 
"p-cpe:/a:canonical:ubuntu_linux:ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libbigdecimal-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsyslog-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:librexml-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libwebrick-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libdrb-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libdl-ruby1.8"], "id": "UBUNTU_USN-195-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20609", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-195-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20609);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"USN\", value:\"195-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The object oriented scripting language Ruby supports safely executing\nuntrusted code with two mechanisms: safe level and taint flag on\nobjects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby\nmethods to bypass these mechanisms. 
In systems which use this feature,\nthis could be exploited to execute Ruby code beyond the restrictions\nspecified in each safe level.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbigdecimal-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurses-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdrb-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liberb-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libiconv-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpty-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libracc-runtime-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:librexml-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsoap-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstrscan-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsyslog-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtest-unit-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebrick-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libyaml-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libzlib-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"irb1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libbigdecimal-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcurses-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdrb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"liberb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libiconv-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libpty-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libracc-runtime-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"librexml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", 
pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsoap-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libstrscan-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsyslog-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtest-unit-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libwebrick-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxmlrpc-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libyaml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libzlib-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"rdoc1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ri1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"irb1.8\", 
pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libbigdecimal-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libcurses-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdrb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"liberb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libiconv-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libpty-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libracc-runtime-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"librexml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsoap-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", 
pkgname:\"libstrscan-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsyslog-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtest-unit-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libwebrick-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxmlrpc-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libyaml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libzlib-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ri1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb1.8 / libbigdecimal-ruby1.8 / libcurses-ruby1.8 / libdbm-ruby1.8 / etc\");\n}\n", "cvss": {"score": 7.5, 
"vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:25:45", "description": "Ulf Harnhammar discovered a format string vulnerability in the CDDB\nmodule's cache file handling in the Xine library, which is used by\npackages such as xine-ui, totem-xine, and gxine.\n\nBy tricking an user into playing a particular audio CD which has a\nspecially crafted CDDB entry, a remote attacker could exploit this\nvulnerability to execute arbitrary code with the privileges of the\nuser running the application. Since CDDB servers usually allow anybody\nto add and modify information, this exploit does not even require a\nparticular CDDB server to be selected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2967", "CVE-2005-2337"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxine-dev", "p-cpe:/a:canonical:ubuntu_linux:libxine1", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10"], "id": "UBUNTU_USN-196-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20610", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-196-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20610);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2337\", \"CVE-2005-2967\");\n script_bugtraq_id(15044);\n script_xref(name:\"USN\", value:\"196-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a format string vulnerability in the CDDB\nmodule's cache file handling in the Xine library, which is used by\npackages such as xine-ui, totem-xine, and gxine.\n\nBy tricking an user into playing a particular audio CD which has a\nspecially crafted CDDB entry, a remote attacker could exploit this\nvulnerability to execute arbitrary code with the privileges of the\nuser running the application. Since CDDB servers usually allow anybody\nto add and modify information, this exploit does not even require a\nparticular CDDB server to be selected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-dev and / or libxine1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine-dev\", pkgver:\"1-rc5-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine1\", pkgver:\"1-rc5-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine-dev\", pkgver:\"1.0-1ubuntu3.1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine1\", pkgver:\"1.0-1ubuntu3.1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T03:25:07", "description": "The remote host is running Apple Mac OS X, but lacks\nSecurity Update 2006-003.\n\nThis security update contains fixes for the following\napplications :\n\nAppKit\nImageIO\nBOM\nCFNetwork\nClamAV (Mac OS X Server only)\nCoreFoundation\nCoreGraphics\nFinder\nFTPServer\nFlash Player\nKeychain\nLaunchServices\nlibcurl\nMail\nMySQL Manager (Mac OS X Server only)\nPreview\nQuickDraw\nQuickTime Streaming Server\nRuby\nSafari", "edition": 23, "published": "2006-05-12T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2006-003)", "type": 
"nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1449", "CVE-2006-1453", "CVE-2006-1630", "CVE-2006-1456", "CVE-2006-1446", "CVE-2006-1614", "CVE-2006-1443", "CVE-2006-1450", "CVE-2006-0024", "CVE-2005-2628", "CVE-2006-1439", "CVE-2006-1455", "CVE-2006-1983", "CVE-2006-1447", "CVE-2006-1454", "CVE-2006-1440", "CVE-2006-1985", "CVE-2006-1452", "CVE-2006-1552", "CVE-2006-1442", "CVE-2006-1982", "CVE-2006-1451", "CVE-2006-1445", "CVE-2006-1444", "CVE-2006-1441", "CVE-2006-1984", "CVE-2006-1615", "CVE-2005-2337", "CVE-2006-1448", "CVE-2006-1457", "CVE-2005-4077"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2006-003.NASL", "href": "https://www.tenable.com/plugins/nessus/21341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21341);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2006-1439\", \"CVE-2006-1982\", \"CVE-2006-1983\", \"CVE-2006-1984\", \"CVE-2006-1985\",\n \"CVE-2006-1440\", \"CVE-2006-1441\", \"CVE-2006-1442\", \"CVE-2006-1614\", \"CVE-2006-1615\",\n \"CVE-2006-1630\", \"CVE-2006-1443\", \"CVE-2006-1444\", \"CVE-2006-1448\", \"CVE-2006-1445\",\n \"CVE-2005-2628\", \"CVE-2006-0024\", \"CVE-2006-1552\", \"CVE-2006-1446\", \"CVE-2006-1447\",\n \"CVE-2005-4077\", \"CVE-2006-1449\", \"CVE-2006-1450\", \"CVE-2006-1451\", \"CVE-2006-1452\",\n \"CVE-2006-1453\", \"CVE-2006-1454\", \"CVE-2006-1455\", \"CVE-2006-1456\", \"CVE-2005-2337\",\n \"CVE-2006-1457\");\n script_bugtraq_id(17634, 17951);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2006-003)\");\n script_summary(english:\"Check for Security Update 2006-003\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote operating system is missing a vendor-supplied patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Apple Mac OS X, but 
lacks\nSecurity Update 2006-003.\n\nThis security update contains fixes for the following\napplications :\n\nAppKit\nImageIO\nBOM\nCFNetwork\nClamAV (Mac OS X Server only)\nCoreFoundation\nCoreGraphics\nFinder\nFTPServer\nFlash Player\nKeyCHain\nLaunchServices\nlibcurl\nMail\nMySQL Manager (Mac OS X Server only)\nPreview\nQuickDraw\nQuickTime Streaming Server\nRuby\nSafari\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=303737\");\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 :\nhttp://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__PPC_\nhttp://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__Intel_\n\nMac OS X 10.3 :\nhttp://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Client_\nhttp://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Server_\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = 
get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-6]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2006-00[3467]|2007-003)\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "description": "\nRuby home page reports:\n\nThe Object Oriented Scripting Language Ruby supports\n\t safely executing an untrusted code with two mechanisms:\n\t safe level and taint flag on objects.\nA vulnerability has been found that allows bypassing\n\t these mechanisms.\nBy using the vulnerability, arbitrary code can be executed\n\t beyond the restrictions specified in each safe level.\n\t Therefore, Ruby has to be updated on all systems that use\n\t safe level to execute untrusted code.\n\n", "edition": 4, "modified": "2005-10-02T00:00:00", "published": "2005-10-02T00:00:00", "id": "1DAEA60A-4719-11DA-B5C6-0004614CC33D", "href": "https://vuxml.freebsd.org/freebsd/1daea60a-4719-11da-b5c6-0004614cc33d.html", "title": "ruby -- vulnerability in the safe level settings", "type": "freebsd", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-2337"], "edition": 1, "description": "## Solution Description\nUpgrade to version 1.8.3 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.ruby-lang.org/\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:191)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051003-01-U.asc)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_05_sr.html)\nSecurity Tracker: 1014948\n[Secunia Advisory ID:17129](https://secuniaresearch.flexerasoftware.com/advisories/17129/)\n[Secunia Advisory ID:19130](https://secuniaresearch.flexerasoftware.com/advisories/19130/)\n[Secunia Advisory ID:17285](https://secuniaresearch.flexerasoftware.com/advisories/17285/)\n[Secunia Advisory ID:17098](https://secuniaresearch.flexerasoftware.com/advisories/17098/)\n[Secunia Advisory ID:17335](https://secuniaresearch.flexerasoftware.com/advisories/17335/)\n[Secunia Advisory ID:16904](https://secuniaresearch.flexerasoftware.com/advisories/16904/)\n[Secunia Advisory ID:17147](https://secuniaresearch.flexerasoftware.com/advisories/17147/)\nRedHat RHSA: RHSA-2005:799\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-195-1\nOther Advisory URL: http://jvn.jp/jp/JVN%2362914675/243894/index.html\nOther Advisory URL: http://www.debian.org/security/2005/dsa-860\n[CVE-2005-2337](https://vulners.com/cve/CVE-2005-2337)\n", "modified": "2005-09-22T20:43:22", "published": "2005-09-22T20:43:22", "href": "https://vulners.com/osvdb/OSVDB:19610", "id": "OSVDB:19610", "title": "Ruby eval.c safe_level Restriction Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}