8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2020.0252");
script_cve_id("CVE-2019-16782", "CVE-2020-8161");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-07-06 18:32:46 +0000 (Mon, 06 Jul 2020)");
script_name("Mageia: Security Advisory (MGASA-2020-0252)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA7");
script_xref(name:"Advisory-ID", value:"MGASA-2020-0252");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2020-0252.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=26688");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=25915");
script_xref(name:"URL", value:"https://github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/");
script_xref(name:"URL", value:"https://www.debian.org/lts/security/2020/dla-2216");
script_tag(name:"summary", value:"The remote host is missing an update for the 'ruby-rack' package(s) announced via the MGASA-2020-0252 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Updated ruby-rack packages fix security vulnerabilities:
There's a possible information leak / session hijack vulnerability in
Rack(RubyGem rack). Attackers may be able to find and hijack sessions
by using timing attacks targeting the session id. Session ids are usually
stored and indexed in a database that uses some kind of scheme for
speeding up lookups of that session id. By carefully measuring the amount
of time it takes to look up a session, an attacker may be able to find a
valid session id and hijack the session. The session id itself may be
generated randomly, but the way the session is indexed by the backing
store does not use a secure comparison (CVE-2019-16782).
If certain directories exist in a director that is managed by
Rack::Directory, an attacker could, using this vulnerability, read the
contents of files on the server that were outside of the root specified
in the Rack::Directory initializer (CVE-2020-8161).");
script_tag(name:"affected", value:"'ruby-rack' package(s) on Mageia 7.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA7") {
if(!isnull(res = isrpmvuln(pkg:"ruby-rack", rpm:"ruby-rack~2.0.8~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ruby-rack-doc", rpm:"ruby-rack-doc~2.0.8~1.mga7", rls:"MAGEIA7"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
advisories.mageia.org/MGASA-2020-0252.html
bugs.mageia.org/show_bug.cgi?id=25915
bugs.mageia.org/show_bug.cgi?id=26688
github.com/rack/rack/security/advisories/GHSA-hrqr-hxpp-chr3
lists.fedoraproject.org/archives/list/[email protected]/thread/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/
www.debian.org/lts/security/2020/dla-2216
MGASA-2020-0252
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
64.6%