Lucene search
Copyright (C) 2009 Greenbone Networks GmbHOPENVAS:840243HistoryMar 23, 2009 - 12:00 a.m.
Ubuntu Update for ruby1.8 vulnerabilities USN-621-1
2009-03-2300:00:00
Copyright (C) 2009 Greenbone Networks GmbH
plugins.openvas.org
6
0.009 Low
EPSS
Percentile
81.3%
Ubuntu Update for Linux kernel vulnerabilities USN-621-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_621_1.nasl 7969 2017-12-01 09:23:16Z santu $
#
# Ubuntu Update for ruby1.8 vulnerabilities USN-621-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Drew Yao discovered several vulnerabilities in Ruby which lead to integer
overflows. If a user or automated system were tricked into running a
malicious script, an attacker could cause a denial of service or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2008-2662, CVE-2008-2663, CVE-2008-2725, CVE-2008-2726)
Drew Yao discovered that Ruby did not sanitize its input when using ALLOCA.
If a user or automated system were tricked into running a malicious script,
an attacker could cause a denial of service via memory corruption.
(CVE-2008-2664)";
tag_summary = "Ubuntu Update for Linux kernel vulnerabilities USN-621-1";
tag_affected = "ruby1.8 vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 7.04 ,
Ubuntu 7.10 ,
Ubuntu 8.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-621-1/");
script_id(840243);
script_version("$Revision: 7969 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2009-03-23 10:59:50 +0100 (Mon, 23 Mar 2009)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_xref(name: "USN", value: "621-1");
script_cve_id("CVE-2008-2662", "CVE-2008-2663", "CVE-2008-2664", "CVE-2008-2725", "CVE-2008-2726");
script_name( "Ubuntu Update for ruby1.8 vulnerabilities USN-621-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU6.06 LTS")
{
if ((res = isdpkgvuln(pkg:"libruby1.8-dbg", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-dev", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libdbm-ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdbm-ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libopenssl-ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libreadline-ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtcltk-ruby1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"irb1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"rdoc1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ri1.8", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-elisp", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-examples", ver:"1.8.4-1ubuntu1.5", rls:"UBUNTU6.06 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU7.04")
{
if ((res = isdpkgvuln(pkg:"libruby1.8-dbg", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-dev", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libdbm-ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdbm-ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libopenssl-ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libreadline-ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtcltk-ruby1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"irb1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"rdoc1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ri1.8", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-elisp", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-examples", ver:"1.8.5-4ubuntu2.2", rls:"UBUNTU7.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU8.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libruby1.8-dbg", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-dev", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libdbm-ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdbm-ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libopenssl-ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libreadline-ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtcltk-ruby1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"irb1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"rdoc1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ri1.8", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-elisp", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-examples", ver:"1.8.6.111-2ubuntu1.1", rls:"UBUNTU8.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU7.10")
{
if ((res = isdpkgvuln(pkg:"libruby1.8-dbg", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-dev", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libdbm-ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libgdbm-ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libopenssl-ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libreadline-ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libtcltk-ruby1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"irb1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"rdoc1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ri1.8", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-elisp", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"ruby1.8-examples", ver:"1.8.6.36-1ubuntu3.2", rls:"UBUNTU7.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
References
Related
nessus
nessus
Slackware 11.0 / 12.0 / 12.1 / current : ruby (SSA:2008-179-01)
2008-07-02 00:00:00
Debian DSA-1618-1 : ruby1.9 - several vulnerabilities
2008-07-28 00:00:00
seebug
seebug
Rubyε€δΈͺθΏη¨δ»£η ζ§θ‘ζΌζ΄
2008-06-28 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2008-179-01)
2012-09-10 00:00:00
Ubuntu: Security Advisory (USN-621-1)
2009-03-23 00:00:00
Slackware Advisory SSA:2008-179-01 ruby
2012-09-11 00:00:00
securityvulns
securityvulns
Ruby multiple security vulnerabilities
2008-07-03 00:00:00
rPSA-2008-0206-1 ruby
2008-06-27 00:00:00
slackware
slackware
[slackware-security] ruby
2008-06-28 05:00:21
ubuntu
ubuntu
Ruby vulnerabilities
2008-06-26 00:00:00
prion
prion
Memory corruption
2008-06-24 19:41:00
Integer overflow
2008-06-24 19:41:00
Integer overflow
2008-06-24 19:41:00
cve
cve
ubuntucve
ubuntucve
redhat
redhat
(RHSA-2008:0561) Moderate: ruby security update
2008-07-14 00:00:00
(RHSA-2008:0562) Moderate: ruby security update
2008-07-14 00:00:00
osv
osv
ruby1.8 - several vulnerabilities
2008-07-21 00:00:00
ruby1.9 - several vulnerabilities
2008-07-26 00:00:00
oraclelinux
oraclelinux
ruby security update
2008-07-14 00:00:00
ruby security update
2008-07-14 00:00:00
centos
centos
irb, ruby security update
2008-07-14 16:46:29
irb, ruby security update
2008-07-14 16:43:34
irb, ruby security update
2008-07-14 23:50:47
rubygems
rubygems
CVE-2008-2725 ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
2008-06-19 20:00:00
CVE-2008-2664 ruby: Unsafe use of alloca in rb_str_format()
2008-06-19 20:00:00
CVE-2008-2662 ruby: Integer overflows in rb_str_buf_append()
2008-06-19 20:00:00
debian
debian
[SECURITY] [DSA 1618-1] New ruby1.9 packages fix several vulnerabilities
2008-07-26 15:17:57
[SECURITY] [DSA 1612-1] New ruby1.8 packages fix several vulnerabilities
2008-07-21 17:29:08
fedora
fedora
[SECURITY] Fedora 9 Update: ruby-1.8.6.230-1.fc9
2008-06-25 02:52:26
[SECURITY] Fedora 9 Update: ruby-1.8.6.230-1.fc9
2008-07-26 06:02:52
[SECURITY] Fedora 8 Update: ruby-1.8.6.230-1.fc8
2008-06-25 02:51:05
gentoo
gentoo
Ruby: Multiple vulnerabilities
2008-12-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 5 package ruby version 1.8.7-alt4
2008-06-20 00:00:00
freebsd
freebsd
ruby -- multiple integer and buffer overflow vulnerabilities
2008-06-19 00:00:00