Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
2005-11-02T00:00:00
ID MANDRAKE_MDKSA-2005-191.NASL Type nessus Reporter Tenable Modified 2018-07-19T00:00:00
Description
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.
The updated packages have been patched to address this issue.
#%NASL_MIN_LEVEL 70103
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:191.
# The text itself is copyright (C) Mandriva S.A.
#
include("compat.inc");
if (description)
{
script_id(20121);
script_version ("1.15");
script_cvs_date("Date: 2018/07/19 20:59:13");
script_cve_id("CVE-2005-2337");
script_xref(name:"MDKSA", value:"2005:191");
script_name(english:"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Mandrake Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the
object-oriented scripting language, that can cause illegal program
code to bypass the safe level and taint flag protections check and be
executed.
The updated packages have been patched to address this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ruby-tk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/02");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK10.1", reference:"ruby-1.8.1-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"ruby-devel-1.8.1-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"ruby-doc-1.8.1-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"ruby-tk-1.8.1-4.4.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"ruby-1.8.2-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"ruby-devel-1.8.2-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"ruby-doc-1.8.2-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"ruby-tk-1.8.2-6.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ruby-1.8.2-7.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ruby-devel-1.8.2-7.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ruby-doc-1.8.2-7.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ruby-tk-1.8.2-7.1.20060mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "MANDRAKE_MDKSA-2005-191.NASL", "bulletinFamily": "scanner", "title": "Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.\n\nThe updated packages have been patched to address this issue.", "published": "2005-11-02T00:00:00", "modified": "2018-07-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20121", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2005-2337"], "type": "nessus", "lastseen": "2018-08-02T07:43:30", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:ruby-tk", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:ruby-devel"], "cvelist": ["CVE-2005-2337"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.\n\nThe updated packages have been patched to address this issue.", "edition": 2, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}}, "hash": "bb7376d19ce9da4ec650d3bbde6086ef81749490aab0c0e7140f2925ebcf291f", "hashmap": [{"hash": "6093c6e228768abc083b5825f78227a8", "key": "title"}, {"hash": "24f79e561bde90df835a139b7f2e2693", "key": "modified"}, {"hash": "90c33bf3179f0a7173ab714b94289682", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "77cc3086b6121489e9803ff9e5f97753", "key": "sourceData"}, {"hash": "47d899ef06b049b67fc54003749f5409", "key": "description"}, {"hash": "cc46070086350400cf806e63bab5f462", "key": "cpe"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9d6c6f0ee5bd89e3ce83c821b93ee232", "key": "cvelist"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "e34efa3403c4f206c11404a6fbc37cd0", "key": "pluginID"}, {"hash": "af279401c4f596eb025f2579d47739e3", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20121", "id": "MANDRAKE_MDKSA-2005-191.NASL", "lastseen": "2017-10-29T13:35:57", "modified": "2013-05-31T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.3", "pluginID": "20121", "published": "2005-11-02T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:191. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20121);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/05/31 23:51:58 $\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"MDKSA\", value:\"2005:191\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-devel-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-doc-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-tk-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-devel-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-doc-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-tk-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-devel-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-doc-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-tk-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:35:57"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2005-2337"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed.\n\nThe updated packages have been patched to address this issue.", "edition": 1, "enchantments": {}, "hash": "437cd3dce7d90fe6a95ae910d1b5fd9d7c5a58089a9ff997892d8807045c6dd9", "hashmap": [{"hash": "6093c6e228768abc083b5825f78227a8", "key": "title"}, {"hash": "24f79e561bde90df835a139b7f2e2693", "key": "modified"}, {"hash": "90c33bf3179f0a7173ab714b94289682", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "77cc3086b6121489e9803ff9e5f97753", "key": "sourceData"}, {"hash": "47d899ef06b049b67fc54003749f5409", "key": "description"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "9d6c6f0ee5bd89e3ce83c821b93ee232", "key": "cvelist"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "526837706681051344a466f9e51ac982", "key": "naslFamily"}, {"hash": "e34efa3403c4f206c11404a6fbc37cd0", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "af279401c4f596eb025f2579d47739e3", "key": "href"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=20121", "id": "MANDRAKE_MDKSA-2005-191.NASL", "lastseen": "2016-09-26T17:23:56", "modified": "2013-05-31T00:00:00", "naslFamily": "Mandriva Local Security Checks", "objectVersion": "1.2", "pluginID": "20121", "published": "2005-11-02T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:191. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20121);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2013/05/31 23:51:58 $\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"MDKSA\", value:\"2005:191\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-devel-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-doc-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-tk-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-devel-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-doc-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-tk-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-devel-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-doc-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-tk-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "title": "Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:23:56"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "cc46070086350400cf806e63bab5f462"}, {"key": "cvelist", "hash": "9d6c6f0ee5bd89e3ce83c821b93ee232"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "47d899ef06b049b67fc54003749f5409"}, {"key": "href", "hash": "af279401c4f596eb025f2579d47739e3"}, {"key": "modified", "hash": "e2914120514a29eeccc01e381df164d8"}, {"key": "naslFamily", "hash": "526837706681051344a466f9e51ac982"}, {"key": "pluginID", "hash": "e34efa3403c4f206c11404a6fbc37cd0"}, {"key": "published", "hash": "90c33bf3179f0a7173ab714b94289682"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "1831f28dfd836b2ccffbe87f80d1c623"}, {"key": "title", "hash": "6093c6e228768abc083b5825f78227a8"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "f1b76b092b71cc50a20333f0d096e20901ac7a2729f4f22156588202c444a224", "viewCount": 0, "enchantments": {"score": {"value": 7.2, "vector": "NONE"}, "vulnersScore": 7.2}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:191. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20121);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"MDKSA\", value:\"2005:191\");\n\n script_name(english:\"Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted.\n\nThe updated packages have been patched to address this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/11/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-devel-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-doc-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"ruby-tk-1.8.1-4.4.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-devel-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-doc-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"ruby-tk-1.8.2-6.2.102mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-devel-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-doc-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", reference:\"ruby-tk-1.8.2-7.1.20060mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Mandriva Local Security Checks", "pluginID": "20121", "cpe": ["p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:ruby-tk", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:ruby-devel"]}
{"result": {"cve": [{"lastseen": "2017-10-11T11:06:18", "references": ["http://www.ruby-lang.org/en/20051003.html", "http://www.vupen.com/english/advisories/2006/1779", "http://www.us-cert.gov/cas/techalerts/TA06-132A.html", "http://www.securityfocus.com/bid/17951", "http://www.kb.cert.org/vuls/id/160012", "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html", "http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/22360", "http://www.redhat.com/support/errata/RHSA-2005-799.html", "http://www.ubuntu.com/usn/usn-195-1", "http://www.debian.org/security/2005/dsa-862", "http://www.debian.org/security/2005/dsa-860", "http://www.securityfocus.com/bid/14909", "http://www.mandriva.com/security/advisories?name=MDKSA-2005:191", "http://www.novell.com/linux/security/advisories/2006_05_sr.html", "http://jvn.jp/jp/JVN%2362914675/index.html", "http://securityreason.com/securityalert/59", "http://www.securitytracker.com/alerts/2005/Sep/1014948.html", "http://www.debian.org/security/2005/dsa-864"], "description": "Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin).", "edition": 3, "reporter": "NVD", "published": "2005-10-07T19:02:00", "title": "CVE-2005-2337", "type": "cve", "enchantments": {"score": {"modified": "2017-10-11T11:06:18", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10564", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10564"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-2337"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10564", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10564"}], "modified": "2017-10-10T21:30:15", "cpe": ["cpe:/a:yukihiro_matsumoto:ruby:1.8", "cpe:/a:yukihiro_matsumoto:ruby:1.6.2", "cpe:/a:yukihiro_matsumoto:ruby:1.6.5", "cpe:/a:yukihiro_matsumoto:ruby:1.8.2_pre2", "cpe:/a:yukihiro_matsumoto:ruby:1.6.7", "cpe:/a:yukihiro_matsumoto:ruby:1.6.4", "cpe:/a:yukihiro_matsumoto:ruby:1.6.1", "cpe:/a:yukihiro_matsumoto:ruby:1.8.2_pre1", "cpe:/a:yukihiro_matsumoto:ruby:1.8.1", "cpe:/a:yukihiro_matsumoto:ruby:1.6", "cpe:/a:yukihiro_matsumoto:ruby:1.6.6", "cpe:/a:yukihiro_matsumoto:ruby:1.6.3"], "id": "CVE-2005-2337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2337", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "cert": [{"lastseen": "2018-08-02T21:57:04", "references": ["http://www.ruby-lang.org/en/20051003.html", "http://www.ruby-lang.org/en/20051003.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2337", "http://www.rubycentral.com/book/taint.html", "http://www.rubycentral.com/book/taint.html", "http://secunia.com/advisories/16904/", "http://jvn.jp/jp/JVN%2362914675/index.html"], "description": "### Overview\n\nRuby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied.\n\n### Description\n\nRuby is a object-oriented scripting language that supports execution of untrusted code with two mechanisms: [taint flagging and safe levels](<http://www.rubycentral.com/book/taint.html>). Safe levels describe the mode of operation that is allowed on potentially tainted objects. A flaw in `eval.c` may result in Ruby failing to enforce the safe-level protections. This may result in arbitrary code being executed without the appropriate and intended security mechanisms applied. Specifically, if the program is passed through standard input (stdin), the safe level may be ignored and hence bypassed. \n \n--- \n \n### Impact\n\nAn attacker may be able to run arbitrary code without security checks being applied. An application may be designed in such a manner that this results in remote, unauthenticated arbitrary code execution. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nRuby 1.8.3 is the stable release that addresses this issue. Information on updates, fixes, and workarounds for this and other Ruby versions is contained in the [Ruby vulnerability note](<http://www.ruby-lang.org/en/20051003.html>) for the issue. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nRed Hat, Inc.| | -| 18 Oct 2005 \nRuby| | -| 05 Oct 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23160012 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.ruby-lang.org/en/20051003.html>\n * <http://secunia.com/advisories/16904/>\n * <http://jvn.jp/jp/JVN%2362914675/index.html>\n * <http://www.rubycentral.com/book/taint.html>\n\n### Credit\n\nThanks to the Ruby project for reporting this vulnerability, who in turn thank Dr. Yutaka Oiwa, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology for information on the issue .\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n * CVE IDs: [CVE-2005-2337](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2337>)\n * Date Public: 23 Sep 2005\n * Date First Published: 05 Oct 2005\n * Date Last Updated: 16 Dec 2005\n * Severity Metric: 2.56\n * Document Revision: 14\n\n", "edition": 2, "reporter": "CERT", "published": "2005-10-05T00:00:00", "title": "Ruby safe-level security model bypass", "type": "cert", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "info", "cvelist": ["CVE-2005-2337", "CVE-2005-2337"], "modified": "2005-12-16T00:00:00", "id": "VU:160012", "href": "https://www.kb.cert.org/vuls/id/160012", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-08-10T17:18:41", "references": ["http://www.debian.org/security/2005/dsa-860", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742"], "pluginID": "19968", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions :\n\n old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1", "edition": 4, "reporter": "Tenable", "published": "2005-10-11T00:00:00", "title": "Debian DSA-860-1 : ruby - programming error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-08-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:ruby"], "id": "DEBIAN_DSA-860.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19968", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-860. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19968);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/08/09 17:06:36\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"860\");\n\n script_name(english:\"Debian DSA-860-1 : ruby - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-860\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"irb\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libcurses-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libgdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libnkf-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libpty-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libreadline-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsdbm-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libsyslog-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtcltk-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"libtk-ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-dev\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-elisp\", reference:\"1.6.7-3woody5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"ruby-examples\", reference:\"1.6.7-3woody5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-02T07:37:59", "references": ["http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742", "http://www.debian.org/security/2005/dsa-864"], "pluginID": "20019", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions :\n\n old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1", "edition": 3, "reporter": "Tenable", "published": "2005-10-19T00:00:00", "title": "Debian DSA-864-1 : ruby1.8 - programming error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby1.8", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-864.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20019", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-864. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20019);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"864\");\n\n script_name(english:\"Debian DSA-864-1 : ruby1.8 - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-864\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"irb1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libdbm-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdbm-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libopenssl-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libreadline-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.8-dbg\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"rdoc1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ri1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-dev\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-elisp\", reference:\"1.8.2-7sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.8-examples\", reference:\"1.8.2-7sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-02T07:42:00", "references": ["http://www.debian.org/security/2005/dsa-862", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742"], "pluginID": "19970", "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions :\n\n old stable (woody) stable (sarge) unstable (sid) ruby 1.6.7-3woody5 n/a n/a ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1", "edition": 3, "reporter": "Tenable", "published": "2005-10-11T00:00:00", "title": "Debian DSA-862-1 : ruby1.6 - programming error", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-07-20T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby1.8", "cpe:/o:debian:debian_linux:3.1"], "id": "DEBIAN_DSA-862.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19970", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-862. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19970);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/20 2:17:11\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_xref(name:\"CERT\", value:\"160012\");\n script_xref(name:\"DSA\", value:\"862\");\n\n script_name(english:\"Debian DSA-862-1 : ruby1.6 - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions :\n\n old stable (woody) stable (sarge) unstable (sid) \n ruby 1.6.7-3woody5 n/a n/a \n ruby1.6 n/a 1.6.8-12sarge1 1.6.8-13 \n ruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-862\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"irb1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libcurses-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libgdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libpty-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libreadline-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libruby1.6-dbg\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libsdbm-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libsyslog-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtcltk-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"libtk-ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-dev\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-elisp\", reference:\"1.6.8-12sarge1\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"ruby1.6-examples\", reference:\"1.6.8-12sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-02T07:46:00", "references": [], "pluginID": "20609", "description": "The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploited to execute Ruby code beyond the restrictions specified in each safe level.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libyaml-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libiconv-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libpty-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev", "p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libtk-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libstrscan-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:rdoc1.8", "p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsdbm-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples", "p-cpe:/a:canonical:ubuntu_linux:libzlib-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsoap-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg", "p-cpe:/a:canonical:ubuntu_linux:libtest-unit-ruby1.8", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:libracc-runtime-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:irb1.8", "p-cpe:/a:canonical:ubuntu_linux:ri1.8", "p-cpe:/a:canonical:ubuntu_linux:libcurses-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp", "p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:liberb-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libbigdecimal-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libsyslog-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:librexml-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libwebrick-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libdrb-ruby1.8", "p-cpe:/a:canonical:ubuntu_linux:libdl-ruby1.8"], "id": "UBUNTU_USN-195-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20609", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-195-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20609);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 23:44:03\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_osvdb_id(19610);\n script_xref(name:\"USN\", value:\"195-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : ruby1.8 vulnerability (USN-195-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The object oriented scripting language Ruby supports safely executing\nuntrusted code with two mechanisms: safe level and taint flag on\nobjects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby\nmethods to bypass these mechanisms. In systems which use this feature,\nthis could be exploited to execute Ruby code beyond the restrictions\nspecified in each safe level.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:irb1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbigdecimal-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libcurses-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdrb-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:liberb-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libiconv-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libpty-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libracc-runtime-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:librexml-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsdbm-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsoap-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libstrscan-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsyslog-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtest-unit-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libtk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebrick-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libyaml-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libzlib-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ri1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"irb1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libbigdecimal-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libcurses-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libdrb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"liberb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libiconv-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libpty-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libracc-runtime-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"librexml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsoap-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libstrscan-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libsyslog-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtest-unit-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libtk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libwebrick-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxmlrpc-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libyaml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libzlib-ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"rdoc1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ri1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.1+1.8.2pre2-3ubuntu0.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"irb1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libbigdecimal-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libcurses-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libdrb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"liberb-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libgdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libiconv-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libopenssl-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libpty-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libracc-runtime-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libreadline-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"librexml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libruby1.8-dbg\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsdbm-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsoap-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libstrscan-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libsyslog-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtcltk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtest-unit-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libtk-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libwebrick-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxmlrpc-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libyaml-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libzlib-ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"rdoc1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ri1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-dev\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-elisp\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ruby1.8-examples\", pkgver:\"1.8.1+1.8.2pre4-1ubuntu0.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb1.8 / libbigdecimal-ruby1.8 / libcurses-ruby1.8 / libdbm-ruby1.8 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-29T13:43:19", "references": ["http://www.ruby-lang.org/en/20051003.html", "http://www.nessus.org/u?56761b6d"], "pluginID": "21394", "edition": 2, "description": "Ruby home page reports :\n\nThe Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms : safe level and taint flag on objects.\n\nA vulnerability has been found that allows bypassing these mechanisms.\n\nBy using the vulnerability, arbitrary code can be executed beyond the restrictions specified in each safe level. Therefore, Ruby has to be updated on all systems that use safe level to execute untrusted code.", "reporter": "Tenable", "published": "2006-05-13T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "nessus", "title": "FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "cpe": ["p-cpe:/a:freebsd:freebsd:ruby_static", "p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "modified": "2015-05-13T00:00:00", "id": "FREEBSD_PKG_1DAEA60A471911DAB5C60004614CC33D.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21394", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2015 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21394);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2015/05/13 14:37:08 $\");\n\n script_cve_id(\"CVE-2005-2337\");\n\n script_name(english:\"FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby home page reports :\n\nThe Object Oriented Scripting Language Ruby supports safely executing\nan untrusted code with two mechanisms : safe level and taint flag on\nobjects.\n\nA vulnerability has been found that allows bypassing these mechanisms.\n\nBy using the vulnerability, arbitrary code can be executed beyond the\nrestrictions specified in each safe level. Therefore, Ruby has to be\nupdated on all systems that use safe level to execute untrusted code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/20051003.html\"\n );\n # http://www.freebsd.org/ports/portaudit/1daea60a-4719-11da-b5c6-0004614cc33d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56761b6d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby_static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>1.6.*<1.6.8.2004.07.28_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>1.8.*<1.8.2_5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby_static>1.6.*<1.6.8.2004.07.28_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby_static>1.8.*<1.8.2_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-06-29T06:04:54", "references": ["http://www.nessus.org/u?be18d095", "http://www.nessus.org/u?6a8052bb", "http://www.nessus.org/u?d34120eb", "http://www.nessus.org/u?3b29d580"], "pluginID": "21860", "description": "Updated ruby packages that fix an arbitrary command execution issue are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented programming.\n\nA bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.", "edition": 3, "reporter": "Tenable", "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : ruby (CESA-2005:799)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-06-27T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-libs", "cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:ruby-mode", "p-cpe:/a:centos:centos:ruby-docs", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:irb", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-799.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:799 and \n# CentOS Errata and Security Advisory 2005:799 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21860);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/06/27 18:42:24\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"RHSA\", value:\"2005:799\");\n\n script_name(english:\"CentOS 3 / 4 : ruby (CESA-2005:799)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-October/012262.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b29d580\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-October/012265.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d34120eb\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-October/012271.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a8052bb\"\n );\n # http://lists.centos.org/pipermail/centos-announce/2005-October/012272.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be18d095\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-devel-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-docs-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-libs-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-mode-1.6.8-9.EL3.4\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"ruby-tcltk-1.6.8-9.EL3.4\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-devel-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-docs-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-libs-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-mode-1.8.1-7.EL4.2\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"ruby-tcltk-1.8.1-7.EL4.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-30T13:49:38", "references": ["https://www.redhat.com/security/data/cve/CVE-2005-2337.html", "http://rhn.redhat.com/errata/RHSA-2005-799.html"], "pluginID": "20049", "description": "Updated ruby packages that fix an arbitrary command execution issue are now available.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing packages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented programming.\n\nA bug was found in the way ruby handles eval statements. It is possible for a malicious script to call eval in such a way that can allow the bypass of certain safe-level restrictions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.", "edition": 4, "reporter": "Tenable", "published": "2005-10-19T00:00:00", "title": "RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-07-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:irb", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-mode", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2005-799.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20049", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:799. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20049);\n script_version (\"1.19\");\n script_cvs_date(\"Date: 2018/07/25 18:58:04\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"RHSA\", value:\"2005:799\");\n\n script_name(english:\"RHEL 2.1 / 3 / 4 : ruby (RHSA-2005:799)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix an arbitrary command execution issue\nare now available.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\n[Updated 25 Oct 2005] Errata has been updated to include missing\npackages for Red Hat Enterprise Linux 3.\n\nRuby is an interpreted scripting language for object-oriented\nprogramming.\n\nA bug was found in the way ruby handles eval statements. It is\npossible for a malicious script to call eval in such a way that can\nallow the bypass of certain safe-level restrictions. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-2337 to this issue.\n\nUsers of Ruby should update to these erratum packages, which contain a\nbackported patch and are not vulnerable to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-2337.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-799.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(2\\.1|3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1 / 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:799\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"irb-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-devel-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-docs-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-libs-1.6.4-2.AS21.2\")) flag++;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"ruby-tcltk-1.6.4-2.AS21.2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", reference:\"irb-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-devel-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-docs-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-libs-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-mode-1.6.8-9.EL3.4\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"ruby-tcltk-1.6.8-9.EL3.4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"irb-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-devel-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-docs-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-libs-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-mode-1.8.1-7.EL4.2\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"ruby-tcltk-1.8.1-7.EL4.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-12T17:59:43", "references": ["http://www.ruby-lang.org/en/20051003.html", "https://security.gentoo.org/glsa/200510-05"], "pluginID": "19975", "description": "The remote host is affected by the vulnerability described in GLSA-200510-05 (Ruby: Security bypass vulnerability)\n\n Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections.\n Impact :\n\n An attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level.\n Workaround :\n\n There is no known workaround at this time.", "edition": 3, "reporter": "Tenable", "published": "2005-10-11T00:00:00", "title": "GLSA-200510-05 : Ruby: Security bypass vulnerability", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2018-07-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:ruby"], "id": "GENTOO_GLSA-200510-05.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19975", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200510-05.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19975);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/11 17:09:25\");\n\n script_cve_id(\"CVE-2005-2337\");\n script_bugtraq_id(14909);\n script_xref(name:\"GLSA\", value:\"200510-05\");\n\n script_name(english:\"GLSA-200510-05 : Ruby: Security bypass vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200510-05\n(Ruby: Security bypass vulnerability)\n\n Dr. Yutaka Oiwa discovered that Ruby fails to properly enforce\n safe level protections.\n \nImpact :\n\n An attacker could exploit this vulnerability to execute arbitrary\n code beyond the restrictions specified in each safe level.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.ruby-lang.org/en/20051003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200510-05\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Ruby users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-lang/ruby\", unaffected:make_list(\"ge 1.8.3\"), vulnerable:make_list(\"lt 1.8.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Ruby\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-05T11:57:00", "references": [], "pluginID": "20610", "description": "Ulf Harnhammar discovered a format string vulnerability in the CDDB module's cache file handling in the Xine library, which is used by packages such as xine-ui, totem-xine, and gxine.\n\nBy tricking an user into playing a particular audio CD which has a specially crafted CDDB entry, a remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user running the application. Since CDDB servers usually allow anybody to add and modify information, this exploit does not even require a particular CDDB server to be selected.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2967", "CVE-2005-2337"], "modified": "2018-08-03T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libxine-dev", "p-cpe:/a:canonical:ubuntu_linux:libxine1", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10"], "id": "UBUNTU_USN-196-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20610", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-196-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20610);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/08/03 12:21:23\");\n\n script_cve_id(\"CVE-2005-2337\", \"CVE-2005-2967\");\n script_bugtraq_id(15044);\n script_xref(name:\"USN\", value:\"196-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : xine-lib vulnerability (USN-196-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered a format string vulnerability in the CDDB\nmodule's cache file handling in the Xine library, which is used by\npackages such as xine-ui, totem-xine, and gxine.\n\nBy tricking an user into playing a particular audio CD which has a\nspecially crafted CDDB entry, a remote attacker could exploit this\nvulnerability to execute arbitrary code with the privileges of the\nuser running the application. Since CDDB servers usually allow anybody\nto add and modify information, this exploit does not even require a\nparticular CDDB server to be selected.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libxine-dev and / or libxine1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libxine1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/10/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine-dev\", pkgver:\"1-rc5-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"libxine1\", pkgver:\"1-rc5-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine-dev\", pkgver:\"1.0-1ubuntu3.1.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"libxine1\", pkgver:\"1.0-1ubuntu3.1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxine-dev / libxine1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-07-15T03:27:18", "references": ["http://docs.info.apple.com/article.html?artnum=303737"], "pluginID": "21341", "description": "The remote host is running Apple Mac OS X, but lacks Security Update 2006-003.\n\nThis security update contains fixes for the following applications :\n\nAppKit ImageIO BOM CFNetwork ClamAV (Mac OS X Server only) CoreFoundation CoreGraphics Finder FTPServer Flash Player KeyCHain LaunchServices libcurl Mail MySQL Manager (Mac OS X Server only) Preview QuickDraw QuickTime Streaming Server Ruby Safari", "edition": 3, "reporter": "Tenable", "published": "2006-05-12T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2006-003)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "MacOS X Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1449", "CVE-2006-1453", "CVE-2006-1630", "CVE-2006-1456", "CVE-2006-1446", "CVE-2006-1614", "CVE-2006-1443", "CVE-2006-1450", "CVE-2006-0024", "CVE-2005-2628", "CVE-2006-1439", "CVE-2006-1455", "CVE-2006-1983", "CVE-2006-1447", "CVE-2006-1454", "CVE-2006-1440", "CVE-2006-1985", "CVE-2006-1452", "CVE-2006-1552", "CVE-2006-1442", "CVE-2006-1982", "CVE-2006-1451", "CVE-2006-1445", "CVE-2006-1444", "CVE-2006-1441", "CVE-2006-1984", "CVE-2006-1615", "CVE-2005-2337", "CVE-2006-1448", "CVE-2006-1457", "CVE-2005-4077"], "modified": "2018-07-14T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2006-003.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21341);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\"CVE-2006-1439\", \"CVE-2006-1982\", \"CVE-2006-1983\", \"CVE-2006-1984\", \"CVE-2006-1985\",\n \"CVE-2006-1440\", \"CVE-2006-1441\", \"CVE-2006-1442\", \"CVE-2006-1614\", \"CVE-2006-1615\",\n \"CVE-2006-1630\", \"CVE-2006-1443\", \"CVE-2006-1444\", \"CVE-2006-1448\", \"CVE-2006-1445\",\n \"CVE-2005-2628\", \"CVE-2006-0024\", \"CVE-2006-1552\", \"CVE-2006-1446\", \"CVE-2006-1447\",\n \"CVE-2005-4077\", \"CVE-2006-1449\", \"CVE-2006-1450\", \"CVE-2006-1451\", \"CVE-2006-1452\",\n \"CVE-2006-1453\", \"CVE-2006-1454\", \"CVE-2006-1455\", \"CVE-2006-1456\", \"CVE-2005-2337\",\n \"CVE-2006-1457\");\n script_bugtraq_id(17634, 17951);\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2006-003)\");\n script_summary(english:\"Check for Security Update 2006-003\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote operating system is missing a vendor-supplied patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Apple Mac OS X, but lacks\nSecurity Update 2006-003.\n\nThis security update contains fixes for the following\napplications :\n\nAppKit\nImageIO\nBOM\nCFNetwork\nClamAV (Mac OS X Server only)\nCoreFoundation\nCoreGraphics\nFinder\nFTPServer\nFlash Player\nKeyCHain\nLaunchServices\nlibcurl\nMail\nMySQL Manager (Mac OS X Server only)\nPreview\nQuickDraw\nQuickTime Streaming Server\nRuby\nSafari\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.info.apple.com/article.html?artnum=303737\");\n script_set_attribute(attribute:\"solution\", value:\n\"Mac OS X 10.4 :\nhttp://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__PPC_\nhttp://support.apple.com/downloads/Security_Update_2006_003_Mac_OS_X_10_4_6_Client__Intel_\n\nMac OS X 10.3 :\nhttp://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Client_\nhttp://support.apple.com/downloads/Security_Update_2006_003__10_3_9_Server_\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\");\n exit(0);\n}\n\n\npackages = get_kb_item(\"Host/MacOSX/packages\");\nif ( ! packages ) exit(0);\n\n\nuname = get_kb_item(\"Host/uname\");\nif ( egrep(pattern:\"Darwin.* (7\\.[0-9]\\.|8\\.[0-6]\\.)\", string:uname) )\n{\n if (!egrep(pattern:\"^SecUpd(Srvr)?(2006-00[3467]|2007-003)\", string:packages)) security_hole(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-03-28T01:01:48", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "irb", "packageFilename": "irb-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.ppc64.rpm", "arch": "ppc64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "ruby", "packageFilename": "ruby-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.4-2.AS21.2", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.4-2.AS21.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.8.1-7.EL4.2", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.s390x.rpm", "arch": "s390x", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "any", "packageVersion": "1.6.8-9.EL3.4", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.ppc.rpm", "arch": "ppc", "operator": "lt"}], "description": "Ruby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.", "reporter": "RedHat", "published": "2005-10-11T04:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "(RHSA-2005:799) ruby security update", "type": "redhat", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:02", "id": "RHSA-2005:799", "href": "https://access.redhat.com/errata/RHSA-2005:799", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2016-09-02T18:33:25", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libsyslog-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_ia64.deb", "packageName": "libruby1.6-dbg", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libtcltk-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libsyslog-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libtk-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libsdbm-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libcurses-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libgdbm-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libreadline-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libdbm-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_amd64.deb", "packageName": "ruby1.6-dev", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libtk-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libreadline-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_mipsel.deb", "packageName": "ruby1.6-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_ia64.deb", "packageName": "ruby1.6-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libgdbm-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libtk-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libsdbm-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libreadline-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libsdbm-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libsdbm-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libcurses-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1.diff", "packageFilename": "ruby1.6_1.6.8-12sarge1.diff.gz", "packageName": "ruby1.6", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_s390.deb", "packageName": "ruby1.6-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libdbm-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libcurses-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libgdbm-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libdbm-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_arm.deb", "packageName": "ruby1.6-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libsyslog-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libcurses-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libdbm-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-examples_1.6.8-12sarge1_all.deb", "packageName": "ruby1.6-examples", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_sparc.deb", "packageName": "ruby1.6-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libsdbm-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_alpha.deb", "packageName": "ruby1.6-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libpty-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libpty-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libtcltk-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_hppa.deb", "packageName": "libruby1.6-dbg", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libreadline-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libtcltk-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libgdbm-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libcurses-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libreadline-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libpty-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libtcltk-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libdbm-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_m68k.deb", "packageName": "libruby1.6-dbg", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libreadline-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libtk-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libsyslog-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libcurses-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libtk-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libdbm-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libgdbm-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libdbm-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libgdbm-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libsdbm-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libtcltk-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_hppa.deb", "packageName": "ruby1.6-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libdbm-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libtk-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libgdbm-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libpty-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libsyslog-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libtcltk-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libtk-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_mips.deb", "packageName": "ruby1.6-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libcurses-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libsdbm-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_m68k.deb", "packageName": "ruby1.6-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libtk-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libpty-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libreadline-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libreadline-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_mipsel.deb", "packageName": "libruby1.6-dbg", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libcurses-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libsdbm-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libtk-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libcurses-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libtk-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libdbm-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libsyslog-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "irb1.6_1.6.8-12sarge1_all.deb", "packageName": "irb1.6", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_alpha.deb", "packageName": "libruby1.6-dbg", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libtcltk-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_powerpc.deb", "packageName": "libruby1.6-dbg", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libsdbm-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libreadline-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libsyslog-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_i386.deb", "packageName": "libruby1.6-dbg", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libgdbm-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_amd64.deb", "packageName": "libruby1.6-dbg", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libreadline-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_i386.deb", "packageName": "ruby1.6-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libpty-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_sparc.deb", "packageName": "libruby1.6-dbg", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libpty-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libcurses-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libgdbm-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libreadline-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-elisp_1.6.8-12sarge1_all.deb", "packageName": "ruby1.6-elisp", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libgdbm-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libpty-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libsdbm-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1.dsc", "packageName": "ruby1.6", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libtk-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libdbm-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libtcltk-ruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_powerpc.deb", "packageName": "libtcltk-ruby1.6", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libcurses-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libgdbm-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libsyslog-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libdbm-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libdbm-ruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libdbm-ruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_mips.deb", "packageName": "libruby1.6-dbg", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libsyslog-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8.orig", "packageFilename": "ruby1.6_1.6.8.orig.tar.gz", "packageName": "ruby1.6", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libcurses-ruby1.6_1.6.8-12sarge1_alpha.deb", "packageName": "libcurses-ruby1.6", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_s390.deb", "packageName": "libruby1.6-dbg", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libtcltk-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libtcltk-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libsdbm-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "libpty-ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6-dev_1.6.8-12sarge1_powerpc.deb", "packageName": "ruby1.6-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsdbm-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libsdbm-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtcltk-ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "libtcltk-ruby1.6", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6-dbg_1.6.8-12sarge1_arm.deb", "packageName": "libruby1.6-dbg", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libsyslog-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libtk-ruby1.6_1.6.8-12sarge1_mipsel.deb", "packageName": "libtk-ruby1.6", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libsyslog-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libpty-ruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libsyslog-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libsyslog-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libreadline-ruby1.6_1.6.8-12sarge1_i386.deb", "packageName": "libreadline-ruby1.6", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_ia64.deb", "packageName": "libruby1.6", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_arm.deb", "packageName": "libruby1.6", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_mips.deb", "packageName": "libpty-ruby1.6", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_sparc.deb", "packageName": "ruby1.6", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libruby1.6_1.6.8-12sarge1_amd64.deb", "packageName": "libruby1.6", "arch": "x86-64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libpty-ruby1.6_1.6.8-12sarge1_hppa.deb", "packageName": "libpty-ruby1.6", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "libgdbm-ruby1.6_1.6.8-12sarge1_s390.deb", "packageName": "libgdbm-ruby1.6", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.6.8-12sarge1", "packageFilename": "ruby1.6_1.6.8-12sarge1_m68k.deb", "packageName": "ruby1.6", "arch": "m68k", "operator": "lt"}], "edition": 1, "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:\n\n| old stable (woody) | stable (sarge) | unstable (sid) \n---|---|---|--- \nruby | 1.6.7-3woody5 | n/a | n/a \nruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13 \nruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1 \n \nWe recommend that you upgrade your ruby packages.", "reporter": "Debian", "published": "2005-10-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "ruby1.6 -- programming error", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-11T00:00:00", "href": "http://www.debian.org/security/dsa-862", "id": "DSA-862", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:34:59", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2.orig", "packageFilename": "ruby1.8_1.8.2.orig.tar.gz", "arch": "src", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "rdoc1.8_1.8.2-7sarge2_all.deb", "arch": "all", "packageName": "rdoc1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ri1.8_1.8.2-7sarge2_all.deb", "arch": "all", "packageName": "ri1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "libruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "irb1.8_1.8.2-7sarge2_all.deb", "arch": "all", "packageName": "irb1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2.dsc", "arch": "src", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_sparc.deb", "arch": "sparc", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_amd64.deb", "arch": "x86-64", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-elisp_1.8.2-7sarge2_all.deb", "arch": "all", "packageName": "ruby1.8-elisp", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libruby1.8-dbg_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libruby1.8-dbg", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libtcltk-ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libtcltk-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_alpha.deb", "arch": "alpha", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_mipsel.deb", "arch": "mipsel", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_m68k.deb", "arch": "m68k", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libdbm-ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libgdbm-ruby1.8_1.8.2-7sarge2_ia64.deb", "arch": "ia64", "packageName": "libgdbm-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-examples_1.8.2-7sarge2_all.deb", "arch": "all", "packageName": "ruby1.8-examples", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_powerpc.deb", "arch": "ppc", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8_1.8.2-7sarge2_hppa.deb", "arch": "hppa", "packageName": "ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libopenssl-ruby1.8_1.8.2-7sarge2_arm.deb", "arch": "arm", "packageName": "libopenssl-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_s390.deb", "arch": "s390x", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "libreadline-ruby1.8_1.8.2-7sarge2_i386.deb", "arch": "i686", "packageName": "libreadline-ruby1.8", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2", "packageFilename": "ruby1.8-dev_1.8.2-7sarge2_mips.deb", "arch": "mips", "packageName": "ruby1.8-dev", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.1", "packageVersion": "1.8.2-7sarge2.diff", "packageFilename": "ruby1.8_1.8.2-7sarge2.diff.gz", "arch": "src", "packageName": "ruby1.8", "operator": "lt"}], "edition": 1, "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:\n\n| old stable (woody) | stable (sarge) | unstable (sid) \n---|---|---|--- \nruby | 1.6.7-3woody5 | n/a | n/a \nruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13 \nruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1 \n \nWe recommend that you upgrade your ruby packages.", "reporter": "Debian", "published": "2005-10-13T00:00:00", "type": "debian", "title": "ruby1.8 -- programming error", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-13T00:00:00", "id": "DSA-864", "href": "http://www.debian.org/security/dsa-864", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-02T18:30:10", "references": [], "affectedPackage": [{"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libtcltk-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_i386.deb", "packageName": "libtcltk-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libsyslog-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libnkf-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libreadline-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_alpha.deb", "packageName": "libruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libpty-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libpty-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_arm.deb", "packageName": "libtk-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libsdbm-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_mips.deb", "packageName": "libcurses-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libdbm-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libgdbm-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libsdbm-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libsdbm-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libpty-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libpty-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_powerpc.deb", "packageName": "ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_mips.deb", "packageName": "libnkf-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_arm.deb", "packageName": "libcurses-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libcurses-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_arm.deb", "packageName": "libpty-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_m68k.deb", "packageName": "ruby-dev", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_i386.deb", "packageName": "libpty-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_arm.deb", "packageName": "libtcltk-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_alpha.deb", "packageName": "ruby-dev", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_s390.deb", "packageName": "libsyslog-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libsyslog-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_mips.deb", "packageName": "ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_sparc.deb", "packageName": "libruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_sparc.deb", "packageName": "ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_arm.deb", "packageName": "libnkf-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libdbm-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libreadline-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_alpha.deb", "packageName": "ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libtk-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_arm.deb", "packageName": "libgdbm-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_mips.deb", "packageName": "libsdbm-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libreadline-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libtk-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libnkf-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_i386.deb", "packageName": "libreadline-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_arm.deb", "packageName": "ruby-dev", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libdbm-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libreadline-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libcurses-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libcurses-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libsyslog-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libnkf-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_i386.deb", "packageName": "ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_s390.deb", "packageName": "libdbm-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_hppa.deb", "packageName": "ruby-dev", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_mips.deb", "packageName": "libtk-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libtcltk-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_s390.deb", "packageName": "ruby-dev", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libnkf-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_arm.deb", "packageName": "libsdbm-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_arm.deb", "packageName": "libreadline-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-examples_1.6.7-3woody5_all.deb", "packageName": "ruby-examples", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libreadline-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_mips.deb", "packageName": "libgdbm-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_mips.deb", "packageName": "libpty-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libreadline-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_s390.deb", "packageName": "libgdbm-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_arm.deb", "packageName": "libdbm-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libreadline-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libsdbm-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_i386.deb", "packageName": "libruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libnkf-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_m68k.deb", "packageName": "libruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libgdbm-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libpty-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_mips.deb", "packageName": "libruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libtk-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libgdbm-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libsyslog-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-elisp_1.6.7-3woody5_all.deb", "packageName": "ruby-elisp", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_s390.deb", "packageName": "libpty-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libtk-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_powerpc.deb", "packageName": "ruby-dev", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libgdbm-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libtcltk-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_mipsel.deb", "packageName": "libruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libtcltk-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libgdbm-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7.orig", "packageFilename": "ruby_1.6.7.orig.tar.gz", "packageName": "ruby", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libsyslog-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libpty-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libdbm-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libnkf-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libcurses-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_mips.deb", "packageName": "libreadline-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_ia64.deb", "packageName": "libdbm-ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_m68k.deb", "packageName": "ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_ia64.deb", "packageName": "ruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libtk-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_s390.deb", "packageName": "libtk-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_s390.deb", "packageName": "libruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_arm.deb", "packageName": "libruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libpty-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libpty-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_mipsel.deb", "packageName": "ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_i386.deb", "packageName": "libgdbm-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_mips.deb", "packageName": "ruby-dev", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_i386.deb", "packageName": "libcurses-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libcurses-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libtk-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libgdbm-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_sparc.deb", "packageName": "ruby-dev", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_mips.deb", "packageName": "libdbm-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_mips.deb", "packageName": "libsyslog-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libtcltk-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libtk-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_i386.deb", "packageName": "ruby-dev", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_hppa.deb", "packageName": "ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_s390.deb", "packageName": "ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_ia64.deb", "packageName": "libruby", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_i386.deb", "packageName": "libnkf-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libsyslog-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libgdbm-ruby_1.6.7-3woody5_m68k.deb", "packageName": "libgdbm-ruby", "arch": "m68k", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libtcltk-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libdbm-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_mips.deb", "packageName": "libtcltk-ruby", "arch": "mips", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_i386.deb", "packageName": "libsyslog-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_s390.deb", "packageName": "libnkf-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_arm.deb", "packageName": "libsyslog-ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtk-ruby_1.6.7-3woody5_i386.deb", "packageName": "libtk-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5.diff", "packageFilename": "ruby_1.6.7-3woody5.diff.gz", "packageName": "ruby", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_s390.deb", "packageName": "libcurses-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_i386.deb", "packageName": "libsdbm-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsyslog-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libsyslog-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_ia64.deb", "packageName": "ruby-dev", "arch": "ia64", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_powerpc.deb", "packageName": "libsdbm-ruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_s390.deb", "packageName": "libsdbm-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libreadline-ruby_1.6.7-3woody5_s390.deb", "packageName": "libreadline-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_i386.deb", "packageName": "libdbm-ruby", "arch": "i686", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_s390.deb", "packageName": "libtcltk-ruby", "arch": "s390x", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_hppa.deb", "packageName": "libruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5.dsc", "packageName": "ruby", "arch": "src", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libtcltk-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libtcltk-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libcurses-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby-dev_1.6.7-3woody5_mipsel.deb", "packageName": "ruby-dev", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libcurses-ruby_1.6.7-3woody5_sparc.deb", "packageName": "libcurses-ruby", "arch": "sparc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libruby_1.6.7-3woody5_powerpc.deb", "packageName": "libruby", "arch": "ppc", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "irb_1.6.7-3woody5_all.deb", "packageName": "irb", "arch": "all", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_hppa.deb", "packageName": "libsdbm-ruby", "arch": "hppa", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libnkf-ruby_1.6.7-3woody5_alpha.deb", "packageName": "libnkf-ruby", "arch": "alpha", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "ruby_1.6.7-3woody5_arm.deb", "packageName": "ruby", "arch": "arm", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libdbm-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libdbm-ruby", "arch": "mipsel", "operator": "lt"}, {"OS": "Debian GNU/Linux", "OSVersion": "3.0", "packageVersion": "1.6.7-3woody5", "packageFilename": "libsdbm-ruby_1.6.7-3woody5_mipsel.deb", "packageName": "libsdbm-ruby", "arch": "mipsel", "operator": "lt"}], "edition": 1, "description": "Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The following matrix lists the fixed versions in our distributions:\n\n| old stable (woody) | stable (sarge) | unstable (sid) \n---|---|---|--- \nruby | 1.6.7-3woody5 | n/a | n/a \nruby1.6 | n/a | 1.6.8-12sarge1 | 1.6.8-13 \nruby1.8 | n/a | 1.8.2-7sarge2 | 1.8.3-1 \n \nWe recommend that you upgrade your ruby packages.", "reporter": "Debian", "published": "2005-10-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "ruby -- programming error", "type": "debian", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-11T00:00:00", "id": "DSA-860", "href": "http://www.debian.org/security/dsa-860", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:25:11", "references": ["http://www.ruby-lang.org/en/20051003.html"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.6.8.2004.07.28_2", "packageFilename": "UNKNOWN", "packageName": "ruby", "arch": "noarch", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.6.8.2004.07.28_2", "packageFilename": "UNKNOWN", "packageName": "ruby_static", "arch": "noarch", "operator": "lt"}], "edition": 1, "description": "\nRuby home page reports:\n\nThe Object Oriented Scripting Language Ruby supports\n\t safely executing an untrusted code with two mechanisms:\n\t safe level and taint flag on objects.\nA vulnerability has been found that allows bypassing\n\t these mechanisms.\nBy using the vulnerability, arbitrary code can be executed\n\t beyond the restrictions specified in each safe level.\n\t Therefore, Ruby has to be updated on all systems that use\n\t safe level to execute untrusted code.\n\n", "reporter": "FreeBSD", "published": "2005-10-02T00:00:00", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "ruby -- vulnerability in the safe level settings", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-02T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/1daea60a-4719-11da-b5c6-0004614cc33d.html", "id": "1DAEA60A-4719-11DA-B5C6-0004614CC33D", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "references": ["http://www.ruby-lang.org/en/20051003.html", "https://bugs.gentoo.org/show_bug.cgi?id=106996", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.8.3", "packageName": "dev-lang/ruby", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nRuby is an interpreted scripting language for quick and easy object-oriented programming. Ruby supports the safe execution of untrusted code using a safe level and taint flag mechanism. \n\n### Description\n\nDr. Yutaka Oiwa discovered that Ruby fails to properly enforce safe level protections. \n\n### Impact\n\nAn attacker could exploit this vulnerability to execute arbitrary code beyond the restrictions specified in each safe level. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Ruby users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.8.3\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2005-10-06T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Ruby: Security bypass vulnerability", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-06T00:00:00", "id": "GLSA-200510-05", "href": "https://security.gentoo.org/glsa/200510-05", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "jvn": [{"lastseen": "2017-03-23T17:09:43", "references": [], "edition": 1, "description": "\n ## Description\n\n ## Impact\n\nAn attacker could possibly execute an arbitrary script. \n\n ## Solution\n\n ## Products Affected\n\n * Ruby 1.8.2 and earlier\n", "reporter": "Japan Vulnerability Notes", "published": "2005-09-21T00:00:00", "type": "jvn", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "JVN#62914675 Ruby vulnerability allowing to bypass safe level 4 as a sandbox", "bulletinFamily": "info", "cvelist": ["CVE-2005-2337"], "modified": "2008-05-21T00:00:00", "href": "http://jvn.jp/en/jp/JVN62914675/index.html", "id": "JVN:62914675", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:23", "references": [], "pluginID": "55591", "description": "The remote host is missing an update to ruby1.8\nannounced via advisory DSA 862-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 862-1 (ruby1.8)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55591", "id": "OPENVAS:55591", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_862_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 862-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby1.8\nannounced via advisory DSA 862-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20862-1\";\n\nif(description)\n{\n script_id(55591);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 862-1 (ruby1.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-elisp\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-examples\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurses-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpty-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.6-dbg\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsdbm-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsyslog-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtk-ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.6-dev\", ver:\"1.6.8-12sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:55", "references": [], "pluginID": "55615", "description": "The remote host is missing an update to ruby1.8\nannounced via advisory DSA 864-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 864-1 (ruby1.8)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55615", "id": "OPENVAS:55615", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_864_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 864-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby1.8\nannounced via advisory DSA 864-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20864-1\";\n\nif(description)\n{\n script_id(55615);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 864-1 (ruby1.8)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rdoc1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-elisp\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libopenssl-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.2-7sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:02", "references": [], "pluginID": "55546", "description": "The remote host is missing updates announced in\nadvisory GLSA 200510-05.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Gentoo Security Advisory GLSA 200510-05 (ruby)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55546", "id": "OPENVAS:55546", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is vulnerable to a security bypass of the safe level mechanism.\";\ntag_solution = \"All Ruby users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-lang/ruby-1.8.3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200510-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=106996\nhttp://www.ruby-lang.org/en/20051003.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200510-05.\";\n\n \n\nif(description)\n{\n script_id(55546);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200510-05 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-lang/ruby\", unaffected: make_list(\"ge 1.8.3\"), vulnerable: make_list(\"lt 1.8.3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:47", "references": [], "pluginID": "55593", "description": "The remote host is missing an update to ruby\nannounced via advisory DSA 860-1.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-01-17T00:00:00", "title": "Debian Security Advisory DSA 860-1 (ruby)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55593", "id": "OPENVAS:55593", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_860_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 860-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Yutaka Oiwa discovered a bug in Ruby, the interpreter for the\nobject-oriented scripting language, that can cause illegal program\ncode to bypass the safe level and taint flag protections check and be\nexecuted. The following matrix lists the fixed versions in our\ndistributions:\n\n old stable (woody) stable (sarge) unstable (sid)\nruby 1.6.7-3woody5 n/a n/a\nruby1.6 n/a 1.6.8-12sarge1 1.6.8-13\nruby1.8 n/a 1.8.2-7sarge2 1.8.3-1\n\nWe recommend that you upgrade your ruby packages.\";\ntag_summary = \"The remote host is missing an update to ruby\nannounced via advisory DSA 860-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20860-1\";\n\nif(description)\n{\n script_id(55593);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 860-1 (ruby)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"irb\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-elisp\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-examples\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libcurses-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libnkf-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libpty-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libreadline-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsdbm-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libsyslog-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtk-ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby-dev\", ver:\"1.6.7-3woody5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:27", "references": [], "pluginID": "55744", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: ruby, ruby_static", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2337"], "modified": "2016-09-28T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=55744", "id": "OPENVAS:55744", "sourceData": "#\n#VID 1daea60a-4719-11da-b5c6-0004614cc33d\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n ruby\n ruby_static\n\nCVE-2005-2337\nRuby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to\n2005-09-01 allows attackers to bypass safe level and taint flag\nprotections and execute disallowed code when Ruby processes a program\nthrough standard input (stdin).\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ruby-lang.org/en/20051003.html\nhttp://www.vuxml.org/freebsd/1daea60a-4719-11da-b5c6-0004614cc33d.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(55744);\n script_version(\"$Revision: 4164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-28 09:03:16 +0200 (Wed, 28 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(17951, 14909);\n script_cve_id(\"CVE-2005-2337\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: ruby, ruby_static\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6\")>0 && revcomp(a:bver, b:\"1.6.8.2004.07.28_2\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8\")>0 && revcomp(a:bver, b:\"1.8.2_5\")<0) {\n txt += 'Package ruby version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ruby_static\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.6\")>0 && revcomp(a:bver, b:\"1.6.8.2004.07.28_2\")<0) {\n txt += 'Package ruby_static version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.8\")>0 && revcomp(a:bver, b:\"1.8.2_5\")<0) {\n txt += 'Package ruby_static version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "references": [], "edition": 1, "description": "## Solution Description\nUpgrade to version 1.8.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://www.ruby-lang.org/\n[Vendor Specific Advisory URL](http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:191)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20051003-01-U.asc)\n[Vendor Specific Advisory URL](http://www.novell.com/linux/security/advisories/2006_05_sr.html)\nSecurity Tracker: 1014948\n[Secunia Advisory ID:17129](https://secuniaresearch.flexerasoftware.com/advisories/17129/)\n[Secunia Advisory ID:19130](https://secuniaresearch.flexerasoftware.com/advisories/19130/)\n[Secunia Advisory ID:17285](https://secuniaresearch.flexerasoftware.com/advisories/17285/)\n[Secunia Advisory ID:17098](https://secuniaresearch.flexerasoftware.com/advisories/17098/)\n[Secunia Advisory ID:17335](https://secuniaresearch.flexerasoftware.com/advisories/17335/)\n[Secunia Advisory ID:16904](https://secuniaresearch.flexerasoftware.com/advisories/16904/)\n[Secunia Advisory ID:17147](https://secuniaresearch.flexerasoftware.com/advisories/17147/)\nRedHat RHSA: RHSA-2005:799\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200510-05.xml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-195-1\nOther Advisory URL: http://jvn.jp/jp/JVN%2362914675/243894/index.html\nOther Advisory URL: http://www.debian.org/security/2005/dsa-860\n[CVE-2005-2337](https://vulners.com/cve/CVE-2005-2337)\n", "reporter": "OSVDB", "published": "2005-09-22T20:43:22", "title": "Ruby eval.c safe_level Restriction Bypass", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-2337"], "modified": "2005-09-22T20:43:22", "href": "https://vulners.com/osvdb/OSVDB:19610", "id": "OSVDB:19610", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:44:42", "references": ["http://iki.fi/upi/", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B", "https://rhn.redhat.com/errata/RHSA-2005-799.html"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.8-9.EL3.4.s390.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "any", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "any", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.src.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "ia64", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby", "packageFilename": "ruby-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "ia64", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.8.1-7.EL4.2.ia64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "irb", "packageFilename": "irb-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "x86_64", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.8-9.EL3.4.x86_64.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "irb", "packageFilename": "irb-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "s390x", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.6.8-9.EL3.4.s390x.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "4", "packageVersion": "1.8.1-7.EL4.2", "arch": "alpha", "packageName": "ruby-mode", "packageFilename": "ruby-mode-1.8.1-7.EL4.2.alpha.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "3", "packageVersion": "1.6.8-9.EL3.4", "arch": "i386", "packageName": "ruby", "packageFilename": "ruby-1.6.8-9.EL3.4.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:799\n\n\nRuby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012262.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012265.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012271.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012272.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012277.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012284.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-mode\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-799.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-10-11T17:07:31", "title": "irb, ruby security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-12T10:33:40", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/012262.html", "id": "CESA-2005:799", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-10-12T14:46:46", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "irb", "packageFilename": "irb-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "ruby-libs", "packageFilename": "ruby-libs-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "ruby-devel", "packageFilename": "ruby-devel-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "ruby-tcltk", "packageFilename": "ruby-tcltk-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "ruby", "packageFilename": "ruby-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}, {"OS": "CentOS", "OSVersion": "2", "packageVersion": "1.6.4-2.AS21.2", "arch": "i386", "packageName": "ruby-docs", "packageFilename": "ruby-docs-1.6.4-2.AS21.2.i386.rpm", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:799-01\n\n\nRuby is an interpreted scripting language for object-oriented programming.\r\n\r\nA bug was found in the way ruby handles eval statements. It is possible for\r\na malicious script to call eval in such a way that can allow the bypass of\r\ncertain safe-level restrictions. The Common Vulnerabilities and Exposures\r\nproject (cve.mitre.org) has assigned the name CAN-2005-2337 to this issue.\r\n\r\nUsers of Ruby should update to these erratum packages, which contain a\r\nbackported patch and are not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-October/012282.html\n\n**Affected packages:**\nirb\nruby\nruby-devel\nruby-docs\nruby-libs\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-10-12T00:30:52", "title": "irb, ruby security update", "type": "centos", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-12T00:30:52", "href": "http://lists.centos.org/pipermail/centos-announce/2005-October/012282.html", "id": "CESA-2005:799-01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-03-29T18:17:16", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2337"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageName": "ruby1.8", "packageFilename": "UNKNOWN", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageName": "ruby1.8", "packageFilename": "UNKNOWN", "operator": "lt"}], "description": "The object oriented scripting language Ruby supports safely executing untrusted code with two mechanisms: safe level and taint flag on objects. Dr. Yutaka Oiwa discovered a vulnerability that allows Ruby methods to bypass these mechanisms. In systems which use this feature, this could be exploited to execute Ruby code beyond the restrictions specified in each safe level.", "edition": 1, "reporter": "Ubuntu", "published": "2005-10-10T00:00:00", "title": "Ruby vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2337"], "modified": "2005-10-10T00:00:00", "href": "https://usn.ubuntu.com/195-1/", "id": "USN-195-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-29T18:17:34", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-2337"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxine1", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "libxine1", "operator": "lt"}], "description": "Ulf Harnhammar discovered a format string vulnerability in the CDDB module\u2019s cache file handling in the Xine library, which is used by packages such as xine-ui, totem-xine, and gxine.\n\nBy tricking an user into playing a particular audio CD which has a specially-crafted CDDB entry, a remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user running the application. Since CDDB servers usually allow anybody to add and modify information, this exploit does not even require a particular CDDB server to be selected.", "edition": 1, "reporter": "Ubuntu", "published": "2005-10-10T00:00:00", "type": "ubuntu", "title": "Xine library vulnerability", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-2967", "CVE-2005-2337"], "modified": "2005-10-10T00:00:00", "href": "https://usn.ubuntu.com/196-1/", "id": "USN-196-1", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}}
