{"cve": [{"lastseen": "2020-10-03T12:06:09", "description": "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.", "edition": 3, "cvss3": {}, "published": "2012-11-24T20:55:00", "title": "CVE-2012-4522", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4522"], "modified": "2013-05-04T03:20:00", "cpe": ["cpe:/a:ruby-lang:ruby:2.0.0", "cpe:/a:ruby-lang:ruby:1.9.3"], "id": "CVE-2012-4522", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4522", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T12:06:09", "description": "The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. 
NOTE: this issue is due to an incomplete fix for CVE-2011-1005.", "edition": 3, "cvss3": {}, "published": "2013-05-02T14:55:00", "title": "CVE-2012-4481", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-4481"], "modified": "2014-02-12T04:39:00", "cpe": ["cpe:/a:ruby-lang:ruby:1.8.7"], "id": "CVE-2012-4481", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4481", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:1.8.7:*:*:*:*:*:*:*"]}], "seebug": [{"lastseen": "2017-11-19T17:48:52", "description": "Bugtraq ID:56115\r\nCVE ID:CVE-2012-4522\r\n\r\nRuby on Rails\u662f\u4e00\u6b3eWeb\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\uff0c\u6784\u5efa\u5728Ruby\u8bed\u8a00\u4e4b\u4e0a\u3002\r\nRuby\u7684\u6587\u4ef6\u521b\u5efa\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5728\u6587\u4ef6\u8def\u5f84\u4e2d\u6ce8\u5165\u975e\u6cd5NUL(s)\u521b\u5efa\u6076\u610f\u6587\u4ef6\u3002\r\n0\r\nYukihiro Matsumoto Ruby 1.9.3 dev\r\nYukihiro Matsumoto Ruby 1.9.2 RC2\r\nYukihiro Matsumoto Ruby 1.9.2 P180\r\nYukihiro Matsumoto Ruby 1.9.2 P136\r\nYukihiro Matsumoto Ruby 1.9.2 P0\r\nYukihiro Matsumoto Ruby 1.9.2 -rc1\r\nYukihiro Matsumoto Ruby 1.9.1 P431\r\nYukihiro Matsumoto Ruby 1.9.1 -p429\r\nYukihiro Matsumoto Ruby 1.9.1 -p376\r\nYukihiro Matsumoto Ruby 1.9.1\r\nYukihiro Matsumoto Ruby 1.9 -2\r\nYukihiro Matsumoto Ruby 1.9 -1\r\nYukihiro Matsumoto Ruby 1.9\r\nYukihiro Matsumoto Ruby 1.9.2 
pre3\r\nYukihiro Matsumoto Ruby 1.9.1-p430\r\nYukihiro Matsumoto Ruby 1.9.1-p378\r\nYukihiro Matsumoto Ruby 1.9.0-3\r\nYukihiro Matsumoto Ruby 1.9\r\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\u7528\u6237\u53ef\u8054\u7cfb\u5382\u5546\u83b7\u5f97\u6700\u65b0\u7684\u7248\u672c\uff1a\r\nhttp://www.ruby-lang.org/", "published": "2012-10-23T00:00:00", "type": "seebug", "title": "Ruby \u672c\u5730\u6587\u4ef6\u521b\u5efa\u6f0f\u6d1e(CVE-2012-4522)", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-4522"], "modified": "2012-10-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60443", "id": "SSV:60443", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4522"], "description": "Oracle Linux Local Security Checks ELSA-2013-0129", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123753", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0129", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-0129.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123753\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:08:05 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-0129\");\n script_tag(name:\"insight\", value:\"ELSA-2013-0129 - ruby security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-0129\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-0129.html\");\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"ruby\", 
rpm:\"ruby~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~27.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "description": "The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:1361412562310881561", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881561", "type": "openvas", "title": "CentOS Update for ruby CESA-2013:0129 centos5", "sourceData": "###############################################################################\n# OpenVAS 
Vulnerability Test\n#\n# CentOS Update for ruby CESA-2013:0129 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2013-January/019162.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.881561\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:38:08 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\", \"CVE-2011-1005\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"CESA\", value:\"2013:0129\");\n script_name(\"CentOS Update for ruby CESA-2013:0129 centos5\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security 
Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"ruby on CentOS 5\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"insight\", value:\"Ruby is an extensible, interpreted, object-oriented, scripting language. It\n has features to process text files and to do system management tasks.\n\n It was found that certain methods did not sanitize file names before\n passing them to lower layer routines in Ruby. If a Ruby application created\n files with names based on untrusted input, it could result in the creation\n of files with different names than expected. (CVE-2012-4522)\n\n It was found that the RHSA-2011:0909 update did not correctly fix the\n CVE-2011-1005 issue, a flaw in the method for translating an exception\n message into a string in the Exception class. A remote attacker could use\n this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\n code to modify arbitrary, trusted (untainted) strings, which safe level 4\n restrictions would otherwise prevent. (CVE-2012-4481)\n\n The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\n This update also fixes the following bug:\n\n * Prior to this update, the 'rb_syck_mktime' option could, under certain\n circumstances, terminate with a segmentation fault when installing\n libraries with certain gems. This update modifies the underlying code so\n that Ruby gems can be installed as expected. 
(BZ#834381)\n\n All users of Ruby are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:19", "bulletinFamily": "scanner", "cvelist": 
["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "description": "The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory.", "modified": "2018-11-23T00:00:00", "published": "2013-01-11T00:00:00", "id": "OPENVAS:1361412562310870876", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870876", "type": "openvas", "title": "RedHat Update for ruby RHSA-2013:0129-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2013:0129-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00012.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870876\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:41:37 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\", \"CVE-2011-1005\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"RHSA\", value:\"2013:0129-01\");\n script_name(\"RedHat Update for ruby RHSA-2013:0129-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"ruby on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Ruby is an extensible, interpreted, object-oriented, scripting language. 
It\n has features to process text files and to do system management tasks.\n\n It was found that certain methods did not sanitize file names before\n passing them to lower layer routines in Ruby. If a Ruby application created\n files with names based on untrusted input, it could result in the creation\n of files with different names than expected. (CVE-2012-4522)\n\n It was found that the RHSA-2011:0909 update did not correctly fix the\n CVE-2011-1005 issue, a flaw in the method for translating an exception\n message into a string in the Exception class. A remote attacker could use\n this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\n code to modify arbitrary, trusted (untainted) strings, which safe level 4\n restrictions would otherwise prevent. (CVE-2012-4481)\n\n The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\n This update also fixes the following bug:\n\n * Prior to this update, the 'rb_syck_mktime' option could, under certain\n circumstances, terminate with a segmentation fault when installing\n libraries with certain gems. This update modifies the underlying code so\n that Ruby gems can be installed as expected. 
(BZ#834381)\n\n All users of Ruby are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n 
exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-22T13:10:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "description": "Check for the Version of ruby", "modified": "2018-01-22T00:00:00", "published": "2013-01-11T00:00:00", "id": "OPENVAS:870876", "href": "http://plugins.openvas.org/nasl.php?oid=870876", "type": "openvas", "title": "RedHat Update for ruby RHSA-2013:0129-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2013:0129-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an extensible, interpreted, object-oriented, scripting language. It\n has features to process text files and to do system management tasks.\n\n It was found that certain methods did not sanitize file names before\n passing them to lower layer routines in Ruby. 
If a Ruby application created\n files with names based on untrusted input, it could result in the creation\n of files with different names than expected. (CVE-2012-4522)\n\n It was found that the RHSA-2011:0909 update did not correctly fix the\n CVE-2011-1005 issue, a flaw in the method for translating an exception\n message into a string in the Exception class. A remote attacker could use\n this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\n code to modify arbitrary, trusted (untainted) strings, which safe level 4\n restrictions would otherwise prevent. (CVE-2012-4481)\n\n The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\n This update also fixes the following bug:\n\n * Prior to this update, the 'rb_syck_mktime' option could, under certain\n circumstances, terminate with a segmentation fault when installing\n libraries with certain gems. This update modifies the underlying code so\n that Ruby gems can be installed as expected. (BZ#834381)\n\n All users of Ruby are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\n\ntag_affected = \"ruby on Red Hat Enterprise Linux (v. 
5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2013-January/msg00012.html\");\n script_id(870876);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-11 16:41:37 +0530 (Fri, 11 Jan 2013)\");\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\", \"CVE-2011-1005\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"RHSA\", value: \"2013:0129-01\");\n script_name(\"RedHat Update for ruby RHSA-2013:0129-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~27.el5\", 
rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~27.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-22T13:10:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "description": "Check for the Version of ruby", "modified": "2018-01-22T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:881561", "href": "http://plugins.openvas.org/nasl.php?oid=881561", "type": "openvas", "title": "CentOS Update for ruby CESA-2013:0129 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ruby CESA-2013:0129 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, 
http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ruby is an extensible, interpreted, object-oriented, scripting language. It\n has features to process text files and to do system management tasks.\n\n It was found that certain methods did not sanitize file names before\n passing them to lower layer routines in Ruby. If a Ruby application created\n files with names based on untrusted input, it could result in the creation\n of files with different names than expected. (CVE-2012-4522)\n \n It was found that the RHSA-2011:0909 update did not correctly fix the\n CVE-2011-1005 issue, a flaw in the method for translating an exception\n message into a string in the Exception class. A remote attacker could use\n this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\n code to modify arbitrary, trusted (untainted) strings, which safe level 4\n restrictions would otherwise prevent. 
(CVE-2012-4481)\n \n The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n \n This update also fixes the following bug:\n \n * Prior to this update, the \"rb_syck_mktime\" option could, under certain\n circumstances, terminate with a segmentation fault when installing\n libraries with certain gems. This update modifies the underlying code so\n that Ruby gems can be installed as expected. (BZ#834381)\n \n All users of Ruby are advised to upgrade to these updated packages, which\n contain backported patches to resolve these issues.\";\n\n\ntag_affected = \"ruby on CentOS 5\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2013-January/019162.html\");\n script_id(881561);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:38:08 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\", \"CVE-2011-1005\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"CESA\", value: \"2013:0129\");\n script_name(\"CentOS Update for ruby CESA-2013:0129 centos5 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-mode\", rpm:\"ruby-mode~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.5~27.el5\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-07-02T21:10:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4522"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-25T00:00:00", "published": "2012-11-26T00:00:00", "id": 
"OPENVAS:72614", "href": "http://plugins.openvas.org/nasl.php?oid=72614", "type": "openvas", "title": "FreeBSD Ports: ruby", "sourceData": "#\n#VID 3decc87d-2498-11e2-b0c7-000d601460a4\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 3decc87d-2498-11e2-b0c7-000d601460a4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: ruby\n\nCVE-2012-4522\nThe rb_get_path_check function in file.c in Ruby 1.9.3 before\npatchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent\nattackers to create files in unexpected locations or with unexpected\nnames via a NUL byte in a file path.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/\nhttps://access.redhat.com/security/cve/CVE-2012-4522/\nhttp://www.vuxml.org/freebsd/3decc87d-2498-11e2-b0c7-000d601460a4.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced 
advisory.\";\n\n\n\nif(description)\n{\n script_id(72614);\n script_cve_id(\"CVE-2012-4522\");\n script_version(\"$Revision: 6022 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-25 14:51:04 +0200 (Tue, 25 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:47:33 -0500 (Mon, 26 Nov 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: ruby\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.3,1\")>0 && revcomp(a:bver, b:\"1.9.3.286,1\")<0) {\n txt += \"Package ruby version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt ));\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4522"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-12-04T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:136141256231072614", "href": 
"http://plugins.openvas.org/nasl.php?oid=136141256231072614", "type": "openvas", "title": "FreeBSD Ports: ruby", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_ruby14.nasl 12634 2018-12-04 07:26:26Z cfischer $\n#\n# Auto generated from VID 3decc87d-2498-11e2-b0c7-000d601460a4\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72614\");\n script_cve_id(\"CVE-2012-4522\");\n script_version(\"$Revision: 12634 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:47:33 -0500 (Mon, 26 Nov 2012)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_name(\"FreeBSD Ports: ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: ruby\n\nCVE-2012-4522\nThe rb_get_path_check function in file.c in Ruby 1.9.3 before\npatchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent\nattackers to create files in unexpected locations or with unexpected\nnames via a NUL byte in a file path.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/security/cve/CVE-2012-4522/\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/3decc87d-2498-11e2-b0c7-000d601460a4.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"ruby\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.9.3,1\")>0 && revcomp(a:bver, b:\"1.9.3.286,1\")<0) {\n txt += \"Package ruby version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:20:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "Ubuntu Update for ruby1.8 USN-1603-1", "modified": "2017-12-01T00:00:00", "published": 
"2012-10-11T00:00:00", "id": "OPENVAS:841184", "href": "http://plugins.openvas.org/nasl.php?oid=841184", "type": "openvas", "title": "Ubuntu Update for ruby1.8 USN-1603-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1603_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for ruby1.8 USN-1603-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted\n strings to be modified in protective safe levels. An attacker could use this\n flaw to bypass intended access restrictions. 
(CVE-2012-4466, CVE-2012-4481)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1603-1\";\ntag_affected = \"ruby1.8 on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1603-1/\");\n script_id(841184);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-11 10:04:53 +0530 (Thu, 11 Oct 2012)\");\n script_cve_id(\"CVE-2012-4466\", \"CVE-2012-4481\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1603-1\");\n script_name(\"Ubuntu Update for ruby1.8 USN-1603-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.249-2ubuntu0.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == 
\"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.352-2ubuntu1.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.352-2ubuntu0.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.302-2ubuntu0.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-04T11:20:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "Ubuntu Update for ruby1.8 USN-1603-2", "modified": "2017-12-01T00:00:00", "published": "2012-10-31T00:00:00", "id": "OPENVAS:841203", "href": "http://plugins.openvas.org/nasl.php?oid=841203", "type": "openvas", "title": "Ubuntu Update for ruby1.8 USN-1603-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1603_2.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for ruby1.8 USN-1603-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-1603-1 fixed vulnerabilities in Ruby. This update provides the\n corresponding updates for Ubuntu 12.10.\n\n Original advisory details:\n \n Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted\n strings to be modified in protective safe levels. An attacker could use this\n flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1603-2\";\ntag_affected = \"ruby1.8 on Ubuntu 12.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1603-2/\");\n script_id(841203);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-31 17:31:35 +0530 (Wed, 31 Oct 2012)\");\n script_cve_id(\"CVE-2012-4466\", \"CVE-2012-4481\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1603-2\");\n script_name(\"Ubuntu Update for ruby1.8 USN-1603-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : 
tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.358-4ubuntu0.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "Ubuntu Update for ruby1.8 USN-1603-2", "modified": "2019-03-13T00:00:00", "published": "2012-10-31T00:00:00", "id": "OPENVAS:1361412562310841203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841203", "type": "openvas", "title": "Ubuntu Update for ruby1.8 USN-1603-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1603_2.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for ruby1.8 USN-1603-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1603-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841203\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-31 17:31:35 +0530 (Wed, 31 Oct 2012)\");\n script_cve_id(\"CVE-2012-4466\", \"CVE-2012-4481\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1603-2\");\n script_name(\"Ubuntu Update for ruby1.8 USN-1603-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.10\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1603-2\");\n script_tag(name:\"affected\", value:\"ruby1.8 on Ubuntu 12.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"USN-1603-1 fixed vulnerabilities in Ruby. This update provides the\n corresponding updates for Ubuntu 12.10.\n\n Original advisory details:\n\n Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed untainted\n strings to be modified in protective safe levels. 
An attacker could use this\n flaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.358-4ubuntu0.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-17T13:47:12", "description": "It was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the SLSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThis update also fixes the following bug :\n\n - Prior to this update, the 'rb_syck_mktime' option could,\n under certain circumstances, terminate with a\n segmentation fault when installing libraries with\n certain gems. 
This update modifies the underlying code\n so that Ruby gems can be installed as expected.", "edition": 15, "published": "2013-01-17T00:00:00", "title": "Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "modified": "2013-01-17T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ruby-libs", "p-cpe:/a:fermilab:scientific_linux:ruby-ri", "p-cpe:/a:fermilab:scientific_linux:ruby-devel", "p-cpe:/a:fermilab:scientific_linux:ruby-mode", "p-cpe:/a:fermilab:scientific_linux:ruby-irb", "p-cpe:/a:fermilab:scientific_linux:ruby-rdoc", "p-cpe:/a:fermilab:scientific_linux:ruby", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:ruby-docs", "p-cpe:/a:fermilab:scientific_linux:ruby-tcltk", "p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo"], "id": "SL_20130108_RUBY_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/63603", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63603);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1005\", \"CVE-2012-4481\", \"CVE-2012-4522\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL5.x i386/x86_64 (20130108)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. 
If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the SLSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThis update also fixes the following bug :\n\n - Prior to this update, the 'rb_syck_mktime' option could,\n under certain circumstances, terminate with a\n segmentation fault when installing libraries with\n certain gems. This update modifies the underlying code\n so that Ruby gems can be installed as expected.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1301&L=scientific-linux-errata&T=0&P=1828\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3bfc260\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"ruby-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-debuginfo-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-devel-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-libs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-06T09:28:18", "description": "Updated ruby packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. 
This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 25, "published": "2013-01-17T00:00:00", "title": "CentOS 5 : ruby (CESA-2013:0129)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "modified": "2013-01-17T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-rdoc", "p-cpe:/a:centos:centos:ruby-libs", "p-cpe:/a:centos:centos:ruby-mode", "p-cpe:/a:centos:centos:ruby-docs", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:ruby-ri", "p-cpe:/a:centos:centos:ruby-irb", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2013-0129.NASL", "href": "https://www.tenable.com/plugins/nessus/63574", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0129 and \n# CentOS Errata and Security Advisory 2013:0129 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63574);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\");\n script_bugtraq_id(55813, 56115);\n script_xref(name:\"RHSA\", value:\"2013:0129\");\n\n script_name(english:\"CentOS 5 : ruby (CESA-2013:0129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix two security issues and one bug are now\navailable for Red Hat 
Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. 
This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2013-January/019162.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af85705e\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2013-January/000429.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ccfebae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-4522\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-devel-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-libs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"CentOS-5\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / 
ruby-docs / ruby-irb / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T12:47:31", "description": "From Red Hat Security Advisory 2013:0129 :\n\nUpdated ruby packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. 
This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : ruby (ELSA-2013-0129)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ruby-irb", "p-cpe:/a:oracle:linux:ruby-ri", "p-cpe:/a:oracle:linux:ruby-devel", "cpe:/o:oracle:linux:5", "p-cpe:/a:oracle:linux:ruby", "p-cpe:/a:oracle:linux:ruby-docs", "p-cpe:/a:oracle:linux:ruby-tcltk", "p-cpe:/a:oracle:linux:ruby-libs", "p-cpe:/a:oracle:linux:ruby-rdoc", "p-cpe:/a:oracle:linux:ruby-mode"], "id": "ORACLELINUX_ELSA-2013-0129.NASL", "href": "https://www.tenable.com/plugins/nessus/68700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2013:0129 and \n# Oracle Linux Security Advisory ELSA-2013-0129 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68700);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\");\n script_bugtraq_id(55813, 56115);\n script_xref(name:\"RHSA\", value:\"2013:0129\");\n\n script_name(english:\"Oracle Linux 5 : ruby (ELSA-2013-0129)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2013:0129 :\n\nUpdated ruby packages that fix two 
security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. 
This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2013-January/003208.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/11/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"ruby-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-devel-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-libs-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\nif (rpm_check(release:\"EL5\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / ruby-mode / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:11:42", "description": "Updated ruby packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. 
This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.", "edition": 25, "published": "2013-01-08T00:00:00", "title": "RHEL 5 : ruby (RHSA-2013:0129)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "modified": "2013-01-08T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ruby", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ruby-rdoc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-ri", "p-cpe:/a:redhat:enterprise_linux:ruby-mode", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2013-0129.NASL", "href": "https://www.tenable.com/plugins/nessus/63410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:0129. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63410);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-4481\", \"CVE-2012-4522\");\n script_bugtraq_id(55813, 56115);\n script_xref(name:\"RHSA\", value:\"2013:0129\");\n\n script_name(english:\"RHEL 5 : ruby (RHSA-2013:0129)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix two security issues and one bug are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to do system\nmanagement tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application\ncreated files with names based on untrusted input, it could result in\nthe creation of files with different names than expected.\n(CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. 
(CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug :\n\n* Prior to this update, the 'rb_syck_mktime' option could, under\ncertain circumstances, terminate with a segmentation fault when\ninstalling libraries with certain gems. This update modifies the\nunderlying code so that Ruby gems can be installed as expected.\n(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages,\nwhich contain backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rhn.redhat.com/errata/RHSA-2011-0909.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:0129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4522\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-mode\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:0129\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-debuginfo-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-devel-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-docs-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-irb-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"ruby-libs-1.8.5-27.el5\")) 
flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-mode-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-rdoc-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-ri-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.8.5-27.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:08", "description": "New version 1.9.3 patchlevel 286 is released.\n\nA potential security flaw was found on the previous ruby that using\ncrafted string might lead to unintentional file creation. 
This new rpm\nwill fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-10-22T00:00:00", "title": "Fedora 17 : ruby-1.9.3.286-18.fc17 (2012-16086)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4522"], "modified": "2012-10-22T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2012-16086.NASL", "href": "https://www.tenable.com/plugins/nessus/62648", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-16086.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62648);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4522\");\n script_bugtraq_id(56115);\n script_xref(name:\"FEDORA\", value:\"2012-16086\");\n\n script_name(english:\"Fedora 17 : ruby-1.9.3.286-18.fc17 (2012-16086)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 1.9.3 patchlevel 286 is released.\n\nA potential security flaw was found on the previous ruby that using\ncrafted string might lead to unintentional file creation. This new rpm\nwill fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=865940\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?466b5531\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", 
string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"ruby-1.9.3.286-18.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:08", "description": "New version 1.9.3 patchlevel 286 is released.\n\nA potential security flaw was found on the previous ruby that using\ncrafted string might lead to unintentional file creation. This new rpm\nwill fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-10-18T00:00:00", "title": "Fedora 18 : ruby-1.9.3.286-19.fc18 (2012-16071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4522"], "modified": "2012-10-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2012-16071.NASL", "href": "https://www.tenable.com/plugins/nessus/62607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-16071.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62607);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-4522\");\n script_xref(name:\"FEDORA\", value:\"2012-16071\");\n\n script_name(english:\"Fedora 18 : ruby-1.9.3.286-19.fc18 (2012-16071)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New version 1.9.3 patchlevel 286 is released.\n\nA potential security flaw was found on the previous ruby that using\ncrafted string might lead to unintentional file creation. This new rpm\nwill fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=865940\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0e243c99\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"ruby-1.9.3.286-19.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:41:48", "description": "The official ruby site reports :\n\nA vulnerability was found that file creation routines can create\nunintended files by strategically inserting NUL(s) in file paths. This\nvulnerability has been reported as CVE-2012-4522.\n\nRuby can handle arbitrary binary patterns as Strings, including NUL\nchars. On the other hand OSes and other libraries tend not. They\nusually treat a NUL as an End of String mark. So to interface them\nwith Ruby, NUL chars should properly be avoided.\n\nHowever methods like IO#open did not check the filename passed to\nthem, and just passed those strings to lower layer routines. 
This led\nto create unintentional files.", "edition": 22, "published": "2012-11-02T00:00:00", "title": "FreeBSD : ruby -- Unintentional file creation caused by inserting an illegal NUL character (3decc87d-2498-11e2-b0c7-000d601460a4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4522"], "modified": "2012-11-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3DECC87D249811E2B0C7000D601460A4.NASL", "href": "https://www.tenable.com/plugins/nessus/62792", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62792);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-4522\");\n\n script_name(english:\"FreeBSD : ruby -- Unintentional file creation caused by inserting an illegal NUL character (3decc87d-2498-11e2-b0c7-000d601460a4)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The official ruby site reports :\n\nA vulnerability was found that file creation routines can create\nunintended files by strategically inserting NUL(s) in file paths. This\nvulnerability has been reported as CVE-2012-4522.\n\nRuby can handle arbitrary binary patterns as Strings, including NUL\nchars. On the other hand OSes and other libraries tend not. They\nusually treat a NUL as an End of String mark. So to interface them\nwith Ruby, NUL chars should properly be avoided.\n\nHowever methods like IO#open did not check the filename passed to\nthem, and just passed those strings to lower layer routines. 
This led\nto create unintentional files.\"\n );\n # http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d494f86f\"\n );\n # https://access.redhat.com/security/cve/CVE-2012-4522/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2012-4522\"\n );\n # https://vuxml.freebsd.org/freebsd/3decc87d-2498-11e2-b0c7-000d601460a4.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?beb35305\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/10/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>1.9.3,1<1.9.3.286,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T06:38:30", "description": "Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed\nuntainted strings to be modified in protective safe levels. An\nattacker could use this flaw to bypass intended access restrictions.\n(CVE-2012-4466, CVE-2012-4481).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-10-11T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ruby1.8 vulnerabilities (USN-1603-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libruby1.8", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1603-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62497", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1603-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62497);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-4466\", \"CVE-2012-4481\");\n script_bugtraq_id(55757, 55813);\n script_xref(name:\"USN\", value:\"1603-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : ruby1.8 vulnerabilities (USN-1603-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Shugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed\nuntainted strings to be modified in protective safe levels. 
An\nattacker could use this flaw to bypass intended access restrictions.\n(CVE-2012-4466, CVE-2012-4481).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1603-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libruby1.8 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.249-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.302-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.352-2ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.352-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.8\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T06:38:30", "description": "USN-1603-1 fixed vulnerabilities in Ruby. 
This update provides the\ncorresponding updates for Ubuntu 12.10.\n\nShugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed\nuntainted strings to be modified in protective safe levels. An\nattacker could use this flaw to bypass intended access restrictions.\n(CVE-2012-4466, CVE-2012-4481).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2012-10-23T00:00:00", "title": "Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libruby1.8", "cpe:/o:canonical:ubuntu_linux:12.10"], "id": "UBUNTU_USN-1603-2.NASL", "href": "https://www.tenable.com/plugins/nessus/62660", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1603-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62660);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-4466\", \"CVE-2012-4481\");\n script_bugtraq_id(55757, 55813);\n script_xref(name:\"USN\", value:\"1603-2\");\n\n script_name(english:\"Ubuntu 12.10 : ruby1.8 vulnerabilities (USN-1603-2)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-1603-1 fixed vulnerabilities in Ruby. 
This update provides the\ncorresponding updates for Ubuntu 12.10.\n\nShugo Maedo and Vit Ondruch discovered that Ruby incorrectly allowed\nuntainted strings to be modified in protective safe levels. An\nattacker could use this flaw to bypass intended access restrictions.\n(CVE-2012-4466, CVE-2012-4481).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1603-2/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libruby1.8 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.10\", pkgname:\"libruby1.8\", pkgver:\"1.8.7.358-4ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.8\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-17T13:47:28", "description": "It was discovered that Ruby's REXML library did not properly restrict\nXML entity expansion. An attacker could use this flaw to cause a\ndenial of service by tricking a Ruby application using REXML to read\ntext nodes from specially crafted XML content, which will result in\nREXML consuming large amounts of system memory. 
(CVE-2013-1821)\n\nIt was found that the SLSA-2011:0910 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.", "edition": 16, "published": "2013-03-08T00:00:00", "title": "Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4481", "CVE-2013-1821", "CVE-2011-1005"], "modified": "2013-03-08T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ruby-static", "p-cpe:/a:fermilab:scientific_linux:ruby-libs", "p-cpe:/a:fermilab:scientific_linux:ruby-ri", "p-cpe:/a:fermilab:scientific_linux:ruby-devel", "p-cpe:/a:fermilab:scientific_linux:ruby-irb", "p-cpe:/a:fermilab:scientific_linux:ruby-rdoc", "p-cpe:/a:fermilab:scientific_linux:ruby", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:ruby-docs", "p-cpe:/a:fermilab:scientific_linux:ruby-tcltk", "p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo"], "id": "SL_20130307_RUBY_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/65094", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(65094);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1005\", \"CVE-2012-4481\", \"CVE-2013-1821\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20130307)\");\n script_summary(english:\"Checks rpm output 
for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Ruby's REXML library did not properly restrict\nXML entity expansion. An attacker could use this flaw to cause a\ndenial of service by tricking a Ruby application using REXML to read\ntext nodes from specially crafted XML content, which will result in\nREXML consuming large amounts of system memory. (CVE-2013-1821)\n\nIt was found that the SLSA-2011:0910 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could\nuse this flaw to bypass safe level 4 restrictions, allowing untrusted\n(tainted) code to modify arbitrary, trusted (untainted) strings, which\nsafe level 4 restrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=2967\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?620a24f5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"ruby-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-debuginfo-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-devel-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-docs-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-irb-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-libs-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-rdoc-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-ri-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-static-1.8.7.352-10.el6_4\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"ruby-tcltk-1.8.7.352-10.el6_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1005", "CVE-2012-4481", "CVE-2012-4522"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language. 
It\nhas features to process text files and to do system management tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application created\nfiles with names based on untrusted input, it could result in the creation\nof files with different names than expected. (CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could use\nthis flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\ncode to modify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug:\n\n* Prior to this update, the \"rb_syck_mktime\" option could, under certain\ncircumstances, terminate with a segmentation fault when installing\nlibraries with certain gems. This update modifies the underlying code so\nthat Ruby gems can be installed as expected. (BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n", "modified": "2017-09-08T11:51:09", "published": "2013-01-08T05:00:00", "id": "RHSA-2013:0129", "href": "https://access.redhat.com/errata/RHSA-2013:0129", "type": "redhat", "title": "(RHSA-2013:0129) Moderate: ruby security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1005", "CVE-2012-4481", "CVE-2013-1821"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language. 
It\nhas features to process text files and to do system management tasks.\n\nIt was discovered that Ruby's REXML library did not properly restrict XML\nentity expansion. An attacker could use this flaw to cause a denial of\nservice by tricking a Ruby application using REXML to read text nodes from\nspecially-crafted XML content, which will result in REXML consuming large\namounts of system memory. (CVE-2013-1821)\n\nIt was found that the RHSA-2011:0910 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could use\nthis flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\ncode to modify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nAll users of Ruby are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n", "modified": "2018-06-06T20:24:35", "published": "2013-03-07T05:00:00", "id": "RHSA-2013:0612", "href": "https://access.redhat.com/errata/RHSA-2013:0612", "type": "redhat", "title": "(RHSA-2013:0612) Moderate: ruby security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-11T13:32:46", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-0155", "CVE-2013-0162", "CVE-2013-0276"], "description": "OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS)\nsolution from Red Hat, and is designed for on-premise or private cloud\ndeployments.\n\nInstalling the updated packages and restarting the OpenShift services are\nthe only requirements for this update. 
However, if you are updating your\nsystem to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise\n1.1.1 updates, it is recommended that you restart your system.\n\nFor further information about this release, refer to the OpenShift\nEnterprise 1.1.1 Technical Notes, available shortly from\nhttps://access.redhat.com/knowledge/docs/\n\nThis update also fixes the following security issues:\n\nMultiple cross-site scripting (XSS) flaws were found in rubygem-actionpack.\nA remote attacker could use these flaws to conduct XSS attacks against\nusers of an application using rubygem-actionpack. (CVE-2012-3463,\nCVE-2012-3464, CVE-2012-3465)\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application created\nfiles with names based on untrusted input, it could result in the creation\nof files with different names than expected. (CVE-2012-4522)\n\nA denial of service flaw was found in the implementation of associative\narrays (hashes) in Ruby. An attacker able to supply a large number of\ninputs to a Ruby application (such as HTTP POST request parameters sent to\na web application) that are used as keys when inserting data into an array\ncould trigger multiple hash function collisions, making array operations\ntake an excessive amount of CPU time. To mitigate this issue, a new, more\ncollision resistant algorithm has been used to reduce the chance of an\nattacker successfully causing intentional collisions. (CVE-2012-5371)\n\nInput validation vulnerabilities were discovered in rubygem-activerecord.\nA remote attacker could possibly use these flaws to perform an SQL\ninjection attack against an application using rubygem-activerecord.\n(CVE-2012-2661, CVE-2012-2695, CVE-2013-0155)\n\nInput validation vulnerabilities were discovered in rubygem-actionpack. 
A\nremote attacker could possibly use these flaws to perform an SQL injection\nattack against an application using rubygem-actionpack and\nrubygem-activerecord. (CVE-2012-2660, CVE-2012-2694)\n\nA flaw was found in the HTTP digest authentication implementation in\nrubygem-actionpack. A remote attacker could use this flaw to cause a\ndenial of service of an application using rubygem-actionpack and digest\nauthentication. (CVE-2012-3424)\n\nA flaw was found in the handling of strings in Ruby safe level 4. A remote\nattacker can use Exception#to_s to destructively modify an untainted string\nso that it is tainted, the string can then be arbitrarily modified.\n(CVE-2012-4466)\n\nA flaw was found in the method for translating an exception message into a\nstring in the Ruby Exception class. A remote attacker could use this flaw\nto bypass safe level 4 restrictions, allowing untrusted (tainted) code to\nmodify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. (CVE-2012-4464)\n\nIt was found that ruby_parser from rubygem-ruby_parser created a temporary\nfile in an insecure way. A local attacker could use this flaw to perform a\nsymbolic link attack, overwriting arbitrary files accessible to the\napplication using ruby_parser. 
(CVE-2013-0162)\n\nThe CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat\nRegional IT team.\n\nUsers are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1.\n", "modified": "2018-06-09T14:17:10", "published": "2013-02-28T05:00:00", "id": "RHSA-2013:0582", "href": "https://access.redhat.com/errata/RHSA-2013:0582", "type": "redhat", "title": "(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2020-10-30T13:25:26", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2011-1005", "CVE-2012-4522"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0129\n\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to do system management tasks.\n\nIt was found that certain methods did not sanitize file names before\npassing them to lower layer routines in Ruby. If a Ruby application created\nfiles with names based on untrusted input, it could result in the creation\nof files with different names than expected. (CVE-2012-4522)\n\nIt was found that the RHSA-2011:0909 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could use\nthis flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\ncode to modify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. (CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nThis update also fixes the following bug:\n\n* Prior to this update, the \"rb_syck_mktime\" option could, under certain\ncircumstances, terminate with a segmentation fault when installing\nlibraries with certain gems. This update modifies the underlying code so\nthat Ruby gems can be installed as expected. 
(BZ#834381)\n\nAll users of Ruby are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-January/031200.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-January/006629.html\n\n**Affected packages:**\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-mode\nruby-rdoc\nruby-ri\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0129.html", "edition": 7, "modified": "2013-01-11T13:18:59", "published": "2013-01-09T20:36:59", "href": "http://lists.centos.org/pipermail/centos-announce/2013-January/031200.html", "id": "CESA-2013:0129", "title": "ruby security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-20T18:24:00", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2013-1821", "CVE-2011-1005"], "description": "**CentOS Errata and Security Advisory** CESA-2013:0612\n\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It\nhas features to process text files and to do system management tasks.\n\nIt was discovered that Ruby's REXML library did not properly restrict XML\nentity expansion. An attacker could use this flaw to cause a denial of\nservice by tricking a Ruby application using REXML to read text nodes from\nspecially-crafted XML content, which will result in REXML consuming large\namounts of system memory. (CVE-2013-1821)\n\nIt was found that the RHSA-2011:0910 update did not correctly fix the\nCVE-2011-1005 issue, a flaw in the method for translating an exception\nmessage into a string in the Exception class. A remote attacker could use\nthis flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)\ncode to modify arbitrary, trusted (untainted) strings, which safe level 4\nrestrictions would otherwise prevent. 
(CVE-2012-4481)\n\nThe CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.\n\nAll users of Ruby are advised to upgrade to these updated packages, which\ncontain backported patches to resolve these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/031671.html\n\n**Affected packages:**\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-rdoc\nruby-ri\nruby-static\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0612.html", "edition": 4, "modified": "2013-03-09T00:47:26", "published": "2013-03-09T00:47:26", "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/031671.html", "id": "CESA-2013:0612", "title": "ruby security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:44", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4522"], "description": "\nThe official ruby site reports:\n\nA vulnerability was found that file creation routines can create\n\t unintended files by strategically inserting NUL(s) in file paths.\n\t This vulnerability has been reported as CVE-2012-4522.\nRuby can handle arbitrary binary patterns as Strings, including\n\t NUL chars. On the other hand OSes and other libraries tend not.\n\t They usually treat a NUL as an End of String mark. So to interface\n\t them with Ruby, NUL chars should properly be avoided.\nHowever methods like IO#open did not check the filename passed to\n\t them, and just passed those strings to lower layer routines. 
This\n\t led to create unintentional files.\n\n", "edition": 4, "modified": "2012-10-12T00:00:00", "published": "2012-10-12T00:00:00", "id": "3DECC87D-2498-11E2-B0C7-000D601460A4", "href": "https://vuxml.freebsd.org/freebsd/3decc87d-2498-11e2-b0c7-000d601460a4.html", "title": "ruby -- Unintentional file creation caused by inserting an illegal NUL character", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4522"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2012-10-18T03:50:20", "published": "2012-10-18T03:50:20", "id": "FEDORA:D3CDB209D8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: ruby-1.9.3.286-19.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2012-10-22T01:59:29", "published": "2012-10-22T01:59:29", "id": "FEDORA:8BBD920A47", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: ruby-1.9.3.286-18.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. 
It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-03-05T23:33:43", "published": "2013-03-05T23:33:43", "id": "FEDORA:D3F2E2077E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: ruby-1.9.3.392-29.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2012-11-19T02:26:49", "published": "2012-11-19T02:26:49", "id": "FEDORA:D0BBC20783", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: ruby-1.9.3.327-19.fc17", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-2065"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-05-30T02:56:37", "published": "2013-05-30T02:56:37", "id": "FEDORA:0656420CB7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: ruby-1.9.3.429-30.fc17", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-2065", "CVE-2013-4073"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. 
It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-07-11T02:33:19", "published": "2013-07-11T02:33:19", "id": "FEDORA:563BE22162", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: ruby-1.9.3.448-31.fc17", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-08T23:41:22", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "USN-1603-1 fixed vulnerabilities in Ruby. This update provides the \ncorresponding updates for Ubuntu 12.10.\n\nOriginal advisory details:\n\nShugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted \nstrings to be modified in protective safe levels. An attacker could use this \nflaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)", "edition": 5, "modified": "2012-10-23T00:00:00", "published": "2012-10-23T00:00:00", "id": "USN-1603-2", "href": "https://ubuntu.com/security/notices/USN-1603-2", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-02T11:43:54", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "Shugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted \nstrings to be modified in protective safe levels. An attacker could use this \nflaw to bypass intended access restrictions. 
(CVE-2012-4466, CVE-2012-4481)", "edition": 5, "modified": "2012-10-10T00:00:00", "published": "2012-10-10T00:00:00", "id": "USN-1603-1", "href": "https://ubuntu.com/security/notices/USN-1603-1", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-18T01:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4466", "CVE-2012-4464", "CVE-2012-4522"], "description": "Tyler Hicks and Shugo Maeda discovered that Ruby incorrectly allowed untainted \nstrings to be modified in protective safe levels. An attacker could use this \nflaw to bypass intended access restrictions. USN-1602-1 fixed these \nvulnerabilities in other Ubuntu releases. This update provides the \ncorresponding updates for Ubuntu 12.10. (CVE-2012-4464, CVE-2012-4466)\n\nPeter Bex discovered that Ruby incorrectly handled file path strings when \nopening files. An attacker could use this flaw to open or create unexpected \nfiles. (CVE-2012-4522)", "edition": 6, "modified": "2012-10-23T00:00:00", "published": "2012-10-23T00:00:00", "id": "USN-1614-1", "href": "https://ubuntu.com/security/notices/USN-1614-1", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": "Untainted strings modification is possible.", "edition": 1, "modified": "2012-10-15T00:00:00", "published": "2012-10-15T00:00:00", "id": "SECURITYVULNS:VULN:12642", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12642", "title": "Ruby restrictions bypass", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4481", "CVE-2012-4466"], "description": 
"\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1603-1\r\nOctober 10, 2012\r\n\r\nruby1.8 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n- Ubuntu 11.04\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nRuby could allow excessive access in untrusted programs.\r\n\r\nSoftware Description:\r\n- ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8\r\n\r\nDetails:\r\n\r\nShugo Maeda and Vit Ondruch discovered that Ruby incorrectly allowed untainted\r\nstrings to be modified in protective safe levels. An attacker could use this\r\nflaw to bypass intended access restrictions. (CVE-2012-4466, CVE-2012-4481)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n libruby1.8 1.8.7.352-2ubuntu1.1\r\n\r\nUbuntu 11.10:\r\n libruby1.8 1.8.7.352-2ubuntu0.2\r\n\r\nUbuntu 11.04:\r\n libruby1.8 1.8.7.302-2ubuntu0.2\r\n\r\nUbuntu 10.04 LTS:\r\n libruby1.8 1.8.7.249-2ubuntu0.2\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1603-1\r\n CVE-2012-4466, CVE-2012-4481\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.1\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.302-2ubuntu0.2\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.249-2ubuntu0.2\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2012-10-15T00:00:00", "published": "2012-10-15T00:00:00", "id": 
"SECURITYVULNS:DOC:28628", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28628", "title": "[USN-1603-1] Ruby vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:19", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2013-1821"], "description": "[1.8.7.352-10]\n- escaping vulnerability about Exception#to_s / NameError#to_s\n * ruby-1.8.7-p371-CVE-2012-4481.patch\n - Related: rhbz#915379\n[1.8.7.352-9]\n- Fix regression introduced by fix for entity expansion DOS vulnerability\n in REXML (https://bugs.ruby-lang.org/issues/7961)\n * ruby-2.0.0-add-missing-rexml-require.patch\n- Related: rhbz#915379\n[1.8.7.352-8]\n- Addresses entity expansion DoS vulnerability in REXML.\n * ruby-2.0.0-entity-expansion-DoS-vulnerability-in-REXML.patch\n- Resolves: rhbz#915379", "edition": 4, "modified": "2013-03-07T00:00:00", "published": "2013-03-07T00:00:00", "id": "ELSA-2013-0612", "href": "http://linux.oracle.com/errata/ELSA-2013-0612.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:35:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2013-1821", "CVE-2011-1005"], "description": "**Issue Overview:**\n\nIt was discovered that Ruby's REXML library did not properly restrict XML entity expansion. An attacker could use this flaw to cause a denial of service by tricking a Ruby application using REXML to read text nodes from specially-crafted XML content, which will result in REXML consuming large amounts of system memory. 
([CVE-2013-1821 __](<https://access.redhat.com/security/cve/CVE-2013-1821>))\n\nIt was found that the [RHSA-2011-0910 __](<https://rhn.redhat.com/errata/RHSA-2011-0910.html>) update did not correctly fix the [CVE-2011-1005 __](<https://access.redhat.com/security/cve/CVE-2011-1005>) issue, a flaw in the method for translating an exception message into a string in the Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. ([CVE-2012-4481 __](<https://access.redhat.com/security/cve/CVE-2012-4481>))\n\nThe safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. ([CVE-2011-1005 __](<https://access.redhat.com/security/cve/CVE-2011-1005>))\n\n \n**Affected Packages:** \n\n\nruby\n\n \n**Issue Correction:** \nRun _yum update ruby_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n ruby-ri-1.8.7.371-2.25.amzn1.i686 \n ruby-1.8.7.371-2.25.amzn1.i686 \n ruby-devel-1.8.7.371-2.25.amzn1.i686 \n ruby-libs-1.8.7.371-2.25.amzn1.i686 \n ruby-static-1.8.7.371-2.25.amzn1.i686 \n ruby-debuginfo-1.8.7.371-2.25.amzn1.i686 \n \n noarch: \n ruby-irb-1.8.7.371-2.25.amzn1.noarch \n ruby-rdoc-1.8.7.371-2.25.amzn1.noarch \n \n src: \n ruby-1.8.7.371-2.25.amzn1.src \n \n x86_64: \n ruby-ri-1.8.7.371-2.25.amzn1.x86_64 \n ruby-libs-1.8.7.371-2.25.amzn1.x86_64 \n ruby-static-1.8.7.371-2.25.amzn1.x86_64 \n ruby-1.8.7.371-2.25.amzn1.x86_64 \n ruby-devel-1.8.7.371-2.25.amzn1.x86_64 \n ruby-debuginfo-1.8.7.371-2.25.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-03-14T22:04:00", "published": "2013-03-14T22:04:00", "id": "ALAS-2013-173", "href": "https://alas.aws.amazon.com/ALAS-2013-173.html", "title": "Medium: ruby", "type": "amazon", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:27:56", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0256", "CVE-2015-1855", "CVE-2011-0188", "CVE-2011-2705", "CVE-2012-4522", "CVE-2013-2065"], "description": "Package : ruby1.9.1\nVersion : 1.9.2.0-2+deb6u4\nCVE ID : CVE-2011-0188 CVE-2011-2705 CVE-2012-4522 CVE-2013-0256\n CVE-2013-2065 CVE-2015-1855\n\nCVE-2011-0188\n The VpMemAlloc function in bigdecimal.c in the BigDecimal class in\n Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7\n and other platforms, does not properly allocate memory, which allows\n context-dependent attackers to execute arbitrary code or cause a\n denial of service (application crash) via vectors involving creation\n of a large BigDecimal value within a 64-bit process, related to an\n \"integer truncation issue.\"\n\nCVE-2011-2705\n use upstream SVN r32050 to modify PRNG state to prevent random number\n sequence repetition at forked child process which has same pid.\n Reported by Eric Wong.\n\nCVE-2012-4522\n The rb_get_path_check function in file.c in Ruby 1.9.3 before\n patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent\n attackers to create files in unexpected locations or with unexpected\n names via a NUL byte in a file path.\n\nCVE-2013-0256\n darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before\n 4.0.0.preview2.1, as used in Ruby, does not properly generate\n documents, which allows remote attackers to conduct cross-site\n scripting (XSS) attacks via a crafted URL.\n\nCVE-2013-2065\n (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426,\n and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for\n native functions, which allows context-dependent attackers to bypass\n intended $SAFE level restrictions.\n\nCVE-2015-1855\n OpenSSL extension hostname matching implementation violates RFC 6125\n\n", "edition": 9, "modified": "2015-05-30T21:00:23", "published": 
"2015-05-30T21:00:23", "id": "DEBIAN:DLA-235-1:FDEBD", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201505/msg00020.html", "title": "[SECURITY] [DLA 235-1] ruby1.9.1 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2012-5371", "CVE-2011-0188", "CVE-2013-0269", "CVE-2014-8090", "CVE-2013-1821", "CVE-2011-1005", "CVE-2014-8080", "CVE-2011-1004", "CVE-2013-4164", "CVE-2011-4815"], "description": "### Background\n\nRuby is an object-oriented scripting language.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Ruby 1.9 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.9.3_p551\"\n \n\nAll Ruby 2.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-2.0.0_p598\"", "edition": 1, "modified": "2014-12-13T00:00:00", "published": "2014-12-13T00:00:00", "id": "GLSA-201412-27", "href": "https://security.gentoo.org/glsa/201412-27", "type": "gentoo", "title": "Ruby: Denial of Service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}