Lucene search

K
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20081204_RUBY_ON_SL4_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.101

Percentile

95.0%

Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60502);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-3656", "CVE-2008-4310");

  script_name(english:"Scientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in the WEBrick (Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0812&L=scientific-linux-errata&T=0&P=423
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c45de4e9"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL4", reference:"irb-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-devel-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-docs-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-libs-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-mode-1.8.1-7.el4_7.2")) flag++;
if (rpm_check(release:"SL4", reference:"ruby-tcltk-1.8.1-7.el4_7.2")) flag++;

if (rpm_check(release:"SL5", reference:"ruby-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-devel-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-docs-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-irb-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-libs-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-mode-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-rdoc-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-ri-1.8.5-5.el5_2.6")) flag++;
if (rpm_check(release:"SL5", reference:"ruby-tcltk-1.8.5-5.el5_2.6")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.101

Percentile

95.0%