Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2018-0378.NASL
HistoryMar 01, 2018 - 12:00 a.m.

Oracle Linux 7 : ruby (ELSA-2018-0378)

2018-03-0100:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

From Red Hat Security Advisory 2018:0378 :

An update for ruby is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es) :

  • It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)

  • A buffer underflow was found in ruby’s sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)

  • It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.
    (CVE-2017-0901)

  • A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)

  • A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

  • It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)

  • It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)

  • A vulnerability was found where rubygems did not properly sanitize gems’ specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)

  • It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)

  • A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter’s heap memory. (CVE-2017-14064)

  • The ‘lazy_initialize’ function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:0378 and 
# Oracle Linux Security Advisory ELSA-2018-0378 respectively.
#

include("compat.inc");

if (description)
{
  script_id(107080);
  script_version("3.4");
  script_cvs_date("Date: 2019/09/27 13:00:38");

  script_cve_id("CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790");
  script_xref(name:"RHSA", value:"2018:0378");

  script_name(english:"Oracle Linux 7 : ruby (ELSA-2018-0378)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"From Red Hat Security Advisory 2018:0378 :

An update for ruby is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting
language. It has features to process text files and to perform system
management tasks.

Security Fix(es) :

* It was discovered that the Net::FTP module did not properly process
filenames in combination with certain operations. A remote attacker
could exploit this flaw to execute arbitrary commands by setting up a
malicious FTP server and tricking a user or Ruby application into
downloading files with specially crafted names using the Net::FTP
module. (CVE-2017-17405)

* A buffer underflow was found in ruby's sprintf function. An
attacker, with ability to control its format string parameter, could
send a specially crafted string that would disclose heap memory or
crash the interpreter. (CVE-2017-0898)

* It was found that rubygems did not sanitize gem names during
installation of a given gem. A specially crafted gem could use this
flaw to install files outside of the regular directory.
(CVE-2017-0901)

* A vulnerability was found where rubygems did not sanitize DNS
responses when requesting the hostname of the rubygems server for a
domain, via a _rubygems._tcp DNS SRV query. An attacker with the
ability to manipulate DNS responses could direct the gem command
towards a different domain. (CVE-2017-0902)

* A vulnerability was found where the rubygems module was vulnerable
to an unsafe YAML deserialization when inspecting a gem. Applications
inspecting gem files without installing them can be tricked to execute
arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

* It was found that WEBrick did not sanitize all its log messages. If
logs were printed in a terminal, an attacker could interact with the
terminal via the use of escape sequences. (CVE-2017-10784)

* It was found that the decode method of the OpenSSL::ASN1 module was
vulnerable to buffer underrun. An attacker could pass a specially
crafted string to the application in order to crash the ruby
interpreter, causing a denial of service. (CVE-2017-14033)

* A vulnerability was found where rubygems did not properly sanitize
gems' specification text. A specially crafted gem could interact with
the terminal via the use of escape sequences. (CVE-2017-0899)

* It was found that rubygems could use an excessive amount of CPU
while parsing a sufficiently long gem summary. A specially crafted gem
from a gem repository could freeze gem commands attempting to parse
its summary. (CVE-2017-0900)

* A buffer overflow vulnerability was found in the JSON extension of
ruby. An attacker with the ability to pass a specially crafted JSON
input to the extension could use this flaw to expose the interpreter's
heap memory. (CVE-2017-14064)

* The 'lazy_initialize' function in lib/resolv.rb did not properly
process certain filenames. A remote attacker could possibly exploit
this flaw to inject and execute arbitrary commands. (CVE-2017-17790)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2018-February/007545.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ruby packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-tcltk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-minitest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rake");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

flag = 0;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-devel-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-doc-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-irb-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-libs-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"ruby-tcltk-2.0.0.648-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-bigdecimal-1.2.0-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-io-console-0.4.2-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-json-1.7.7-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-minitest-4.3.2-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-psych-2.0.0-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-rake-0.9.6-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygem-rdoc-4.0.0-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygems-2.0.14.1-33.el7_4")) flag++;
if (rpm_check(release:"EL7", cpu:"x86_64", reference:"rubygems-devel-2.0.14.1-33.el7_4")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc");
}
VendorProductVersionCPE
oraclelinuxrubyp-cpe:/a:oracle:linux:ruby
oraclelinuxruby-develp-cpe:/a:oracle:linux:ruby-devel
oraclelinuxruby-docp-cpe:/a:oracle:linux:ruby-doc
oraclelinuxruby-irbp-cpe:/a:oracle:linux:ruby-irb
oraclelinuxruby-libsp-cpe:/a:oracle:linux:ruby-libs
oraclelinuxruby-tcltkp-cpe:/a:oracle:linux:ruby-tcltk
oraclelinuxrubygem-bigdecimalp-cpe:/a:oracle:linux:rubygem-bigdecimal
oraclelinuxrubygem-io-consolep-cpe:/a:oracle:linux:rubygem-io-console
oraclelinuxrubygem-jsonp-cpe:/a:oracle:linux:rubygem-json
oraclelinuxrubygem-minitestp-cpe:/a:oracle:linux:rubygem-minitest
Rows per page:
1-10 of 161

Related

oraclelinux 1
nessus 46
openvas 31
centos 1
redhat 6
ibm 1
amazon 2
slackware 2
osv 19
ubuntu 6
debian 9
fedora 7
mageia 3
freebsd 3
ubuntucve 9
f5 2
gentoo 3
cve 6
debiancve 6
prion 6
photon 1
seebug 1
exploitpack 1
alpinelinux 4
hackerone 4
veracode 7
redhatcve 7
checkpoint_advisories 1
zdt 2
github 2
oraclelinux
oraclelinux
ruby security update
2018-02-28 00:00:00
nessus
nessus
Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)
2018-03-01 00:00:00
CentOS 7 : ruby (CESA-2018:0378)
2018-03-12 00:00:00
NewStart CGSL MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0013)
2019-08-12 00:00:00
openvas
openvas
CentOS Update for ruby CESA-2018:0378 centos7
2018-03-14 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1067)
2020-01-23 00:00:00
centos
centos
ruby, rubygem, rubygems security update
2018-03-10 11:53:01
redhat
redhat
(RHSA-2018:0378) Important: ruby security update
2018-02-28 16:24:33
(RHSA-2018:0585) Important: rh-ruby23-ruby security, bug fix, and enhancement update
2018-03-26 09:13:23
(RHSA-2017:3485) Moderate: rh-ruby24-ruby security, bug fix, and enhancement update
2017-12-19 08:13:07
ibm
ibm
Security Bulletin: Vulnerabilities in Ruby affect PowerKVM
2018-06-18 01:42:18
amazon
amazon
Medium: ruby24
2017-10-26 17:01:00
Medium: ruby22, ruby23
2017-10-02 17:01:00
slackware
slackware
[slackware-security] ruby
2017-09-18 19:20:47
[slackware-security] ruby
2017-12-20 06:38:26
osv
osv
ruby1.9.1 - security update
2017-09-26 00:00:00
ruby2.3 - security update
2017-11-11 00:00:00
ruby2.0 regression
2021-03-25 15:43:03
ubuntu
ubuntu
Ruby vulnerabilities
2017-10-05 00:00:00
Ruby vulnerabilities
2018-01-10 00:00:00
Ruby vulnerabilities
2018-06-13 00:00:00
debian
debian
[SECURITY] [DLA 1114-1] ruby1.9.1 security update
2017-09-26 21:16:53
[SECURITY] [DSA 4031-1] ruby2.3 security update
2017-11-11 14:46:00
[SECURITY] [DSA 4031-1] ruby2.3 security update
2017-11-11 14:46:00
fedora
fedora
[SECURITY] Fedora 25 Update: ruby-2.3.4-64.fc25
2017-09-16 03:24:34
[SECURITY] Fedora 26 Update: rubygems-2.6.13-100.fc26
2017-09-09 23:57:10
[SECURITY] Fedora 27 Update: rubygems-2.6.13-100.fc27
2017-09-30 07:26:40
mageia
mageia
Updated ruby-RubyGems packages fix security vulnerabilities
2017-12-31 18:14:43
Updated ruby packages fix security vulnerabilities
2017-10-18 23:19:34
Updated ruby packages fix security vulnerabilities
2017-12-31 18:51:06
freebsd
freebsd
ruby -- multiple vulnerabilities
2017-09-14 00:00:00
ruby -- Command injection vulnerability in Net::FTP
2017-12-14 00:00:00
rubygems -- deserialization vulnerability
2017-10-09 00:00:00
ubuntucve
ubuntucve
CVE-2017-0899
2017-08-31 00:00:00
CVE-2017-0900
2017-08-31 00:00:00
CVE-2017-17790
2017-12-20 00:00:00
f5
f5
K01730454 : Ruby vulnerabilities CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, and CVE-2017-0902
2017-09-11 00:00:00
K91125274 : RubyGems vulnerability CVE-2017-0903
2022-04-14 00:00:00
gentoo
gentoo
RubyGems: Multiple vulnerabilities
2017-10-08 00:00:00
Ruby: Multiple vulnerabilities
2017-10-18 00:00:00
Ruby: Command injection
2018-02-20 00:00:00
cve
cve
CVE-2017-17790
2017-12-20 09:29:00
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-10784
2017-09-19 17:29:00
debiancve
debiancve
CVE-2017-17790
2017-12-20 09:29:00
CVE-2017-17405
2017-12-15 09:29:00
CVE-2017-10784
2017-09-19 17:29:00
prion
prion
Command injection
2017-12-20 09:29:00
Null pointer dereference
2017-08-31 17:29:00
Command injection
2017-12-15 09:29:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0100
2018-01-18 00:00:00
seebug
seebug
Command injection vulnerability in Net::FTP(CVE-2017-17405)
2017-12-18 00:00:00
exploitpack
exploitpack
Ruby 2.2.8 2.3.5 2.4.2 2.5.0-preview1 - NET::Ftp Command Injection
2017-12-02 00:00:00
alpinelinux
alpinelinux
CVE-2017-14064
2017-08-31 17:29:00
CVE-2017-10784
2017-09-19 17:29:00
CVE-2017-17405
2017-12-15 09:29:00
hackerone
hackerone
Ruby: Escape sequence injection vulnerability in WEBrick BasicAuth
2017-04-24 10:25:41
Ruby: Arbitrary heap exposure in JSON.generate
2017-03-01 22:55:39
Ruby: NET::Ftp allows command injection in filenames
2017-12-02 11:33:02
veracode
veracode
Buffer Overflow
2019-05-16 02:16:35
Command Injection
2019-05-16 02:49:49
Arbitrary Command Execution
2019-01-15 09:21:10
redhatcve
redhatcve
CVE-2017-14033
2017-09-14 21:48:31
CVE-2017-17790
2019-10-08 04:44:54
CVE-2017-17405
2017-12-14 21:50:01
checkpoint_advisories
checkpoint_advisories
Ruby Net FTP Command Injection (CVE-2017-17405) - Ver2
2018-04-15 00:00:00
zdt
zdt
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit
2017-12-22 00:00:00
RubyGems Unsafe Object Deserialization Vulnerability
2017-10-10 00:00:00
github
github
Ruby OpenSSL DoS Vulnerability
2022-05-14 02:03:26
WEBrick RCE Vulnerability
2022-05-14 02:03:29
JSON
Related for ORACLELINUX_ELSA-2018-0378.NASL
oraclelinux1nessus46openvas31centos1redhat6ibm1amazon2slackware2osv19ubuntu6debian9fedora7mageia3freebsd3ubuntucve9f52gentoo3cve6debiancve6prion6photon1seebug1exploitpack1alpinelinux4hackerone4veracode7redhatcve7checkpoint_advisories1zdt2github2