Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_RUBYGEM-ACTIONMAILER-111116.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

This update of rails fixes the following security issues :

CVE-2011-2930 - SQL-injection in quote_table_name function via specially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 - Response Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058) CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817) CVE-2011-0447 - Improper validation of ‘X-Requested-With’ header (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly sanitized arguments to the limit function (bnc#668817) CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update rubygem-actionmailer-5440.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75730);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-3933", "CVE-2011-0446", "CVE-2011-0447", "CVE-2011-0448", "CVE-2011-0449", "CVE-2011-2930", "CVE-2011-2931", "CVE-2011-3186");

  script_name(english:"openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)");
  script_summary(english:"Check for the rubygem-actionmailer-5440 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of rails fixes the following security issues :

CVE-2011-2930 - SQL-injection in quote_table_name function via
specially crafted column names (bnc#712062) CVE-2011-2931 - Cross-Site
Scripting (XSS) in the strip_tags helper (bnc#712057) CVE-2011-3186 -
Response Splitting (bnc#712058) CVE-2010-3933 - Arbitrary modification
of records via specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper
(bnc#668817) CVE-2011-0447 - Improper validation of 'X-Requested-With'
header (bnc#668817) CVE-2011-0448 - SQL-injection caused by improperly
sanitized arguments to the limit function (bnc#668817) CVE-2011-0449 -
Bypass of access restrictions via specially crafted action names
(bnc#668817)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=668817"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=712057"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=712058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=712062"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected rubygem-actionmailer packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activeresource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-rack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-rails-2_3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"rubygem-actionmailer-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-actionmailer-2_3-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-actionpack-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-actionpack-2_3-2.3.14-0.2.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activerecord-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activerecord-2_3-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activeresource-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activeresource-2_3-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activesupport-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-activesupport-2_3-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-rack-1.1.2-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-rails-2.3.14-0.3.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"rubygem-rails-2_3-2.3.14-0.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionmailer / rubygem-actionmailer-2_3 / etc");
}
VendorProductVersionCPE
novellopensuserubygem-actionmailerp-cpe:/a:novell:opensuse:rubygem-actionmailer
novellopensuserubygem-actionmailer-2_3p-cpe:/a:novell:opensuse:rubygem-actionmailer-2_3
novellopensuserubygem-actionpackp-cpe:/a:novell:opensuse:rubygem-actionpack
novellopensuserubygem-actionpack-2_3p-cpe:/a:novell:opensuse:rubygem-actionpack-2_3
novellopensuserubygem-activerecordp-cpe:/a:novell:opensuse:rubygem-activerecord
novellopensuserubygem-activerecord-2_3p-cpe:/a:novell:opensuse:rubygem-activerecord-2_3
novellopensuserubygem-activeresourcep-cpe:/a:novell:opensuse:rubygem-activeresource
novellopensuserubygem-activeresource-2_3p-cpe:/a:novell:opensuse:rubygem-activeresource-2_3
novellopensuserubygem-activesupportp-cpe:/a:novell:opensuse:rubygem-activesupport
novellopensuserubygem-activesupport-2_3p-cpe:/a:novell:opensuse:rubygem-activesupport-2_3
Rows per page:
1-10 of 141

Related

nessus 11
fedora 20
openvas 39
osv 13
securityvulns 4
debian 3
seebug 2
gentoo 1
github 9
gitlab 10
debiancve 9
prion 9
ubuntucve 9
cve 9
nessus
nessus
openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)
2014-06-13 00:00:00
Fedora 15 : rubygem-actionmailer-3.0.5-1.fc15 / rubygem-actionpack-3.0.5-1.fc15 / etc (2011-4358)
2011-04-06 00:00:00
Debian DSA-2301-2 : rails - several vulnerabilities
2011-09-06 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: rubygem-actionpack-2.3.8-4.fc14
2011-09-07 00:15:09
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-1.fc15
2011-04-05 21:43:08
[SECURITY] Fedora 15 Update: rubygem-railties-3.0.5-1.fc15
2011-04-05 21:43:09
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-11567
2011-09-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-11567
2011-09-12 00:00:00
FreeBSD Ports: rubygem-rails
2011-09-21 00:00:00
osv
osv
rails - several
2012-01-23 00:00:00
rails - several
2012-01-23 00:00:00
rails - several vulnerabilities
2011-05-31 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2301-1] rails security update
2011-09-09 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-09-09 00:00:00
[SECURITY] [DSA 2247-1] rails security update
2011-06-02 00:00:00
debian
debian
[SECURITY] [DSA 2301-2] rails regression
2012-01-23 18:35:53
[SECURITY] [DSA 2301-1] rails security update
2011-09-05 20:25:54
[SECURITY] [DSA 2247-1] rails security update
2011-05-31 19:04:22
seebug
seebug
Ruby on Rails跨站脚本执行及跨站请求伪造漏洞
2011-04-08 00:00:00
Ruby on Rails安全限制绕过和SQL注入漏洞
2011-04-08 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
github
github
Rails activerecord gem has Improper Input Validation vulnerability
2017-10-24 18:33:38
activerecord vulnerable to SQL Injection
2017-10-24 18:33:38
actionpack Cross-site Scripting vulnerability
2017-10-24 18:33:38
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
2017-10-24 00:00:00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2017-10-24 00:00:00
debiancve
debiancve
CVE-2010-3933
2010-10-28 00:00:00
CVE-2011-2930
2011-08-29 18:55:00
CVE-2011-2931
2011-08-29 18:55:00
prion
prion
Design/Logic Flaw
2010-10-28 00:00:00
Sql injection
2011-08-29 18:55:00
Crlf injection
2011-08-29 18:55:00
ubuntucve
ubuntucve
CVE-2010-3933
2010-10-28 00:00:00
CVE-2011-3186
2011-08-29 00:00:00
CVE-2011-2931
2011-08-29 00:00:00
cve
cve
CVE-2010-3933
2010-10-28 00:00:00
CVE-2011-0449
2011-02-21 18:00:00
CVE-2011-2931
2011-08-29 18:55:00
JSON
Related for SUSE_11_3_RUBYGEM-ACTIONMAILER-111116.NASL
nessus11fedora20openvas39osv13securityvulns4debian3seebug2gentoo1github9gitlab10debiancve9prion9ubuntucve9cve9