Rubygem package update addressing command injection, XXE, and external entities vulnerabilities
Reporter | Title | Published | Views | Family All 87 |
---|---|---|---|---|
Photon | Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0413 | 12 Nov 202100:00 | – | photon |
Photon | Moderate Photon OS Security Update - PHSA-2021-0068 | 24 Jul 202100:00 | – | photon |
Photon | Moderate Photon OS Security Update - PHSA-2021-4.0-0068 | 24 Jul 202100:00 | – | photon |
Photon | Important Photon OS Security Update - PHSA-2021-0115 | 8 Oct 202100:00 | – | photon |
Photon | Important Photon OS Security Update - PHSA-2021-4.0-0115 | 14 Oct 202100:00 | – | photon |
SUSE Linux | Security update for rubygem-nokogiri (important) | 5 Feb 202100:00 | – | suse |
OpenVAS | openSUSE: Security Advisory for rubygem-nokogiri (openSUSE-SU-2021:0237-1) | 16 Apr 202100:00 | – | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2021-0063) | 28 Jan 202200:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-3149-1) | 13 Oct 202200:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-2678-1) | 7 Jun 202100:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2021-2.0-0413. The text
# itself is copyright (C) VMware, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155347);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/11/15");
script_cve_id("CVE-2019-5477", "CVE-2020-26247", "CVE-2021-41098");
script_name(english:"Photon OS 2.0: Rubygem PHSA-2021-2.0-0413");
script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"An update of the rubygem package has been released.
- A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a
subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method
`Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This
vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by
Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was
addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
(CVE-2019-5477)
- Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In
Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by
Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network,
potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by
Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed
in Nokogiri version 1.11.0.rc4. (CVE-2020-26247)
- Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In
Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users
of Nokogiri on JRuby who parse untrusted documents using any of these classes are affected:
Nokogiri::XML::SAX::Parse, Nokogiri::HTML4::SAX::Parser or its alias Nokogiri::HTML::SAX::Parser,
Nokogiri::XML::SAX::PushParser, and Nokogiri::HTML4::SAX::PushParser or its alias
Nokogiri::HTML::SAX::PushParser. JRuby users should upgrade to Nokogiri v1.12.5 or later to receive a
patch for this issue. There are no workarounds available for v1.12.4 or earlier. CRuby users are not
affected. (CVE-2021-41098)
");
script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-413.md");
script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5477");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/16");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:rubygem");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"PhotonOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/PhotonOS/release');
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, 'PhotonOS');
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');
if (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);
var flag = 0;
if (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'rubygem-nokogiri-1.12.5-1.ph2')) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rubygem');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo