Lucene search
This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2011-0910.NASLHistoryJun 29, 2011 - 12:00 a.m.
RHEL 6 : ruby (RHSA-2011:0910)
2011-06-2900:00:00
This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.029 Low
EPSS
Percentile
90.8%
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0910 advisory.
-
ruby: memory corruption in BigDecimal on 64bit platforms (CVE-2011-0188)
-
Ruby: Symlink race condition by removing directory trees in fileutils module (CVE-2011-1004)
-
Ruby: Untrusted codes able to modify arbitrary strings (CVE-2011-1005)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:0910. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(55452);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id("CVE-2011-0188", "CVE-2011-1004", "CVE-2011-1005");
script_bugtraq_id(46458, 46460, 46966);
script_xref(name:"RHSA", value:"2011:0910");
script_name(english:"RHEL 6 : ruby (RHSA-2011:0910)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for ruby.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2011:0910 advisory.
- ruby: memory corruption in BigDecimal on 64bit platforms (CVE-2011-0188)
- Ruby: Symlink race condition by removing directory trees in fileutils module (CVE-2011-1004)
- Ruby: Untrusted codes able to modify arbitrary strings (CVE-2011-1005)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2011/rhsa-2011_0910.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6735ff26");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=678913");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=678920");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=682332");
# http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd9c4d00");
# http://www.ruby-lang.org/en/news/2011/02/18/exception-methods-can-bypass-safe/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?763c3e42");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2011:0910");
script_set_attribute(attribute:"solution", value:
"Update the RHEL ruby package based on the guidance in RHSA-2011:0910.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-0188");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/02");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-ri");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2011-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '6')) audit(AUDIT_OS_NOT, 'Red Hat 6.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/power/6/6Server/ppc64/debug',
'content/dist/rhel/power/6/6Server/ppc64/optional/debug',
'content/dist/rhel/power/6/6Server/ppc64/optional/os',
'content/dist/rhel/power/6/6Server/ppc64/optional/source/SRPMS',
'content/dist/rhel/power/6/6Server/ppc64/os',
'content/dist/rhel/power/6/6Server/ppc64/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/debug',
'content/dist/rhel/server/6/6Server/i386/highavailability/debug',
'content/dist/rhel/server/6/6Server/i386/highavailability/os',
'content/dist/rhel/server/6/6Server/i386/highavailability/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/debug',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/os',
'content/dist/rhel/server/6/6Server/i386/loadbalancer/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/optional/debug',
'content/dist/rhel/server/6/6Server/i386/optional/os',
'content/dist/rhel/server/6/6Server/i386/optional/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/os',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/debug',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/os',
'content/dist/rhel/server/6/6Server/i386/resilientstorage/source/SRPMS',
'content/dist/rhel/server/6/6Server/i386/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/debug',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/debug',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/os',
'content/dist/rhel/server/6/6Server/x86_64/highavailability/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/debug',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/os',
'content/dist/rhel/server/6/6Server/x86_64/loadbalancer/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/optional/debug',
'content/dist/rhel/server/6/6Server/x86_64/optional/os',
'content/dist/rhel/server/6/6Server/x86_64/optional/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/os',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/debug',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os',
'content/dist/rhel/server/6/6Server/x86_64/resilientstorage/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/debug',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/os',
'content/dist/rhel/server/6/6Server/x86_64/scalablefilesystem/source/SRPMS',
'content/dist/rhel/server/6/6Server/x86_64/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/debug',
'content/dist/rhel/system-z/6/6Server/s390x/optional/debug',
'content/dist/rhel/system-z/6/6Server/s390x/optional/os',
'content/dist/rhel/system-z/6/6Server/s390x/optional/source/SRPMS',
'content/dist/rhel/system-z/6/6Server/s390x/os',
'content/dist/rhel/system-z/6/6Server/s390x/source/SRPMS',
'content/fastrack/rhel/power/6/ppc64/debug',
'content/fastrack/rhel/power/6/ppc64/optional/debug',
'content/fastrack/rhel/power/6/ppc64/optional/os',
'content/fastrack/rhel/power/6/ppc64/optional/source/SRPMS',
'content/fastrack/rhel/power/6/ppc64/os',
'content/fastrack/rhel/power/6/ppc64/source/SRPMS',
'content/fastrack/rhel/server/6/i386/debug',
'content/fastrack/rhel/server/6/i386/highavailability/debug',
'content/fastrack/rhel/server/6/i386/highavailability/os',
'content/fastrack/rhel/server/6/i386/highavailability/source/SRPMS',
'content/fastrack/rhel/server/6/i386/loadbalancer/debug',
'content/fastrack/rhel/server/6/i386/loadbalancer/os',
'content/fastrack/rhel/server/6/i386/loadbalancer/source/SRPMS',
'content/fastrack/rhel/server/6/i386/optional/debug',
'content/fastrack/rhel/server/6/i386/optional/os',
'content/fastrack/rhel/server/6/i386/optional/source/SRPMS',
'content/fastrack/rhel/server/6/i386/os',
'content/fastrack/rhel/server/6/i386/resilientstorage/debug',
'content/fastrack/rhel/server/6/i386/resilientstorage/os',
'content/fastrack/rhel/server/6/i386/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/6/i386/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/debug',
'content/fastrack/rhel/server/6/x86_64/highavailability/debug',
'content/fastrack/rhel/server/6/x86_64/highavailability/os',
'content/fastrack/rhel/server/6/x86_64/highavailability/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/debug',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/os',
'content/fastrack/rhel/server/6/x86_64/loadbalancer/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/optional/debug',
'content/fastrack/rhel/server/6/x86_64/optional/os',
'content/fastrack/rhel/server/6/x86_64/optional/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/os',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/debug',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/os',
'content/fastrack/rhel/server/6/x86_64/resilientstorage/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/debug',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/os',
'content/fastrack/rhel/server/6/x86_64/scalablefilesystem/source/SRPMS',
'content/fastrack/rhel/server/6/x86_64/source/SRPMS',
'content/fastrack/rhel/system-z/6/s390x/debug',
'content/fastrack/rhel/system-z/6/s390x/optional/debug',
'content/fastrack/rhel/system-z/6/s390x/optional/os',
'content/fastrack/rhel/system-z/6/s390x/optional/source/SRPMS',
'content/fastrack/rhel/system-z/6/s390x/os',
'content/fastrack/rhel/system-z/6/s390x/source/SRPMS'
],
'pkgs': [
{'reference':'ruby-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-docs-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-docs-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-docs-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-docs-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-irb-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'ppc', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'s390', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-rdoc-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-rdoc-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-rdoc-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-rdoc-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-ri-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-ri-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-ri-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-ri-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-static-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-static-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-static-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-static-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-1.8.7.299-7.el6_1.1', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-1.8.7.299-7.el6_1.1', 'cpu':'ppc64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-1.8.7.299-7.el6_1.1', 'cpu':'s390x', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-tcltk-1.8.7.299-7.el6_1.1', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / ruby-rdoc / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | ruby | p-cpe:/a:redhat:enterprise_linux:ruby |
| redhat | enterprise_linux | ruby-devel | p-cpe:/a:redhat:enterprise_linux:ruby-devel |
| redhat | enterprise_linux | ruby-docs | p-cpe:/a:redhat:enterprise_linux:ruby-docs |
| redhat | enterprise_linux | ruby-irb | p-cpe:/a:redhat:enterprise_linux:ruby-irb |
| redhat | enterprise_linux | ruby-libs | p-cpe:/a:redhat:enterprise_linux:ruby-libs |
| redhat | enterprise_linux | ruby-rdoc | p-cpe:/a:redhat:enterprise_linux:ruby-rdoc |
| redhat | enterprise_linux | ruby-ri | p-cpe:/a:redhat:enterprise_linux:ruby-ri |
| redhat | enterprise_linux | ruby-static | p-cpe:/a:redhat:enterprise_linux:ruby-static |
| redhat | enterprise_linux | ruby-tcltk | p-cpe:/a:redhat:enterprise_linux:ruby-tcltk |
| redhat | enterprise_linux | 6 | cpe:/o:redhat:enterprise_linux:6 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0188
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005
www.nessus.org/u?6735ff26
www.nessus.org/u?763c3e42
www.nessus.org/u?cd9c4d00
access.redhat.com/errata/RHSA-2011:0910
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=678913
bugzilla.redhat.com/show_bug.cgi?id=678920
bugzilla.redhat.com/show_bug.cgi?id=682332
Related
nessus
nessus
Scientific Linux Security Update : ruby on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : ruby (ELSA-2011-0910)
2013-07-12 00:00:00
Mandriva Linux Security Advisory : ruby (MDVSA-2011:097)
2011-05-24 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-0910)
2015-10-06 00:00:00
RedHat Update for ruby RHSA-2011:0910-01
2012-06-06 00:00:00
RedHat Update for ruby RHSA-2011:0910-01
2012-06-06 00:00:00
redhat
redhat
(RHSA-2011:0910) Moderate: ruby security update
2011-06-28 00:00:00
(RHSA-2011:0909) Moderate: ruby security update
2011-06-28 00:00:00
(RHSA-2011:0908) Moderate: ruby security update
2011-06-28 00:00:00
oraclelinux
oraclelinux
ruby security update
2011-06-28 00:00:00
ruby security, bug fix, and enhancement update
2011-12-14 00:00:00
ruby security update
2011-06-28 00:00:00
securityvulns
securityvulns
ruby multiple security vulnerabilities
2011-05-25 00:00:00
[ MDVSA-2011:097 ] ruby
2011-05-25 00:00:00
Apple Mac OS X multiple security vulnerabilities
2012-08-20 00:00:00
centos
centos
ruby security update
2011-06-30 16:28:46
irb, ruby security update
2011-08-14 21:12:51
ruby security update
2013-01-09 20:36:59
fedora
fedora
[SECURITY] Fedora 13 Update: ruby-1.8.6.420-2.fc13
2011-03-02 01:46:19
[SECURITY] Fedora 16 Update: ruby-1.8.7.358-4.fc16
2012-10-14 03:52:43
ubuntu
ubuntu
Ruby vulnerabilities
2012-02-28 00:00:00
Ruby vulnerabilities
2012-09-26 00:00:00
cve
cve
ubuntucve
ubuntucve
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:59:04
Symlink Attack
2020-04-10 00:59:04
Access Control Bypass
2020-04-10 00:59:04
prion
prion
Integer overflow
2011-03-23 02:00:00
Authorization
2011-03-02 20:00:00
Design/Logic Flaw
2011-03-02 20:00:00
nvd
nvd
cvelist
cvelist
gentoo
gentoo
Ruby: Denial of service
2014-12-13 00:00:00
rubygems
rubygems
CVE-2011-1004 Ruby: Symlink race condition by removing directory trees in fileutils module
2011-02-18 21:00:00
CVE-2011-1005 Ruby: Untrusted codes able to modify arbitrary strings
2011-02-17 21:00:00
Ruby name_err_mesg_to_str Method Safe Level Security Bypass
2012-10-11 20:00:00
amazon
amazon
Medium: ruby
2012-10-23 10:43:00
Medium: ruby
2013-03-14 22:04:00
seebug
seebug
Ruby 安全级别限制绕过漏洞(CVE-2012-4466)
2013-04-28 00:00:00
osv
osv
ruby1.9.1 - security update
2015-05-30 00:00:00
ruby1.8 - security update
2014-11-21 00:00:00
debian
debian
[SECURITY] [DLA 235-1] ruby1.9.1 security update
2015-05-30 20:45:15
[SECURITY] [DLA 88-1] ruby1.8 security update
2014-11-21 15:18:14
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.3 High
AI Score
Confidence
High
0.029 Low
EPSS
Percentile
90.8%
Related for REDHAT-RHSA-2011-0910.NASL