DATABASE RESOURCES PRICING ABOUT US

{"id": "OSV:DLA-1421-1", "vendorId": null, "type": "osv", "bulletinFamily": "software", "title": "ruby2.1 - security update", "description": "\nMultiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\n\n* [CVE-2015-9096](https://security-tracker.debian.org/tracker/CVE-2015-9096)\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\n or MAIL FROM command.\n* [CVE-2016-2339](https://security-tracker.debian.org/tracker/CVE-2016-2339)\nExploitable heap overflow in Fiddle::Function.new.\n* [CVE-2016-7798](https://security-tracker.debian.org/tracker/CVE-2016-7798)\nIncorrect handling of initialization vector in the GCM mode in the\n OpenSSL extension.\n* [CVE-2017-0898](https://security-tracker.debian.org/tracker/CVE-2017-0898)\nBuffer underrun vulnerability in Kernel.sprintf.\n* [CVE-2017-0899](https://security-tracker.debian.org/tracker/CVE-2017-0899)\nANSI escape sequence vulnerability in RubyGems.\n* [CVE-2017-0900](https://security-tracker.debian.org/tracker/CVE-2017-0900)\nDoS vulnerability in the RubyGems query command.\n* [CVE-2017-0901](https://security-tracker.debian.org/tracker/CVE-2017-0901)\ngem installer allowed a malicious gem to overwrite arbitrary files.\n* [CVE-2017-0902](https://security-tracker.debian.org/tracker/CVE-2017-0902)\nRubyGems DNS request hijacking vulnerability.\n* [CVE-2017-0903](https://security-tracker.debian.org/tracker/CVE-2017-0903)\nMax Justicz reported that RubyGems is prone to an unsafe object\n deserialization vulnerability. When parsed by an application which\n processes gems, a specially crafted YAML formatted gem specification\n can lead to remote code execution.\n* [CVE-2017-10784](https://security-tracker.debian.org/tracker/CVE-2017-10784)\nYusuke Endoh discovered an escape sequence injection vulnerability in\n the Basic authentication of WEBrick. An attacker can take advantage of\n this flaw to inject malicious escape sequences to the WEBrick log and\n potentially execute control characters on the victim's terminal\n emulator when reading logs.\n* [CVE-2017-14033](https://security-tracker.debian.org/tracker/CVE-2017-14033)\nasac reported a buffer underrun vulnerability in the OpenSSL\n extension. A remote attacker could take advantage of this flaw to\n cause the Ruby interpreter to crash leading to a denial of service.\n* [CVE-2017-14064](https://security-tracker.debian.org/tracker/CVE-2017-14064)\nHeap memory disclosure in the JSON library.\n* [CVE-2017-17405](https://security-tracker.debian.org/tracker/CVE-2017-17405)\nA command injection vulnerability in Net::FTP might allow a\n malicious FTP server to execute arbitrary commands.\n* [CVE-2017-17742](https://security-tracker.debian.org/tracker/CVE-2017-17742)\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\n to an HTTP response splitting vulnerability. It was possible for an\n attacker to inject fake HTTP responses if a script accepted an\n external input and output it without modifications.\n* [CVE-2017-17790](https://security-tracker.debian.org/tracker/CVE-2017-17790)\nA command injection vulnerability in lib/resolv.rb's lazy\\_initialze\n might allow a command injection attack. However untrusted input to\n this function is rather unlikely.\n* [CVE-2018-6914](https://security-tracker.debian.org/tracker/CVE-2018-6914)\nooooooo\\_q discovered a directory traversal vulnerability in the\n Dir.mktmpdir method in the tmpdir library. It made it possible for\n attackers to create arbitrary directories or files via a .. (dot dot)\n in the prefix argument.\n* [CVE-2018-8777](https://security-tracker.debian.org/tracker/CVE-2018-8777)\nEric Wong reported an out-of-memory DoS vulnerability related to a\n large request in WEBrick bundled with Ruby.\n* [CVE-2018-8778](https://security-tracker.debian.org/tracker/CVE-2018-8778)\naerodudrizzt found a buffer under-read vulnerability in the Ruby\n String#unpack method. If a big number was passed with the specifier @,\n the number was treated as a negative value, and an out-of-buffer read\n occurred. Attackers could read data on heaps if an script accepts an\n external input as the argument of String#unpack.\n* [CVE-2018-8779](https://security-tracker.debian.org/tracker/CVE-2018-8779)\nooooooo\\_q reported that the UNIXServer.open and UNIXSocket.open\n methods of the socket library bundled with Ruby did not check for NUL\n bytes in the path argument. The lack of check made the methods\n vulnerable to unintentional socket creation and unintentional socket\n access.\n* [CVE-2018-8780](https://security-tracker.debian.org/tracker/CVE-2018-8780)\nooooooo\\_q discovered an unintentional directory traversal in\n some methods in Dir, by the lack of checking for NUL bytes in their\n parameter.\n* [CVE-2018-1000075](https://security-tracker.debian.org/tracker/CVE-2018-1000075)\nA negative size vulnerability in ruby gem package tar header that could\n cause an infinite loop.\n* [CVE-2018-1000076](https://security-tracker.debian.org/tracker/CVE-2018-1000076)\nRubyGems package improperly verifies cryptographic signatures. A mis-signed\n gem could be installed if the tarball contains multiple gem signatures.\n* [CVE-2018-1000077](https://security-tracker.debian.org/tracker/CVE-2018-1000077)\nAn improper input validation vulnerability in RubyGems specification\n homepage attribute could allow malicious gem to set an invalid homepage\n URL.\n* [CVE-2018-1000078](https://security-tracker.debian.org/tracker/CVE-2018-1000078)\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\n attribute.\n* [CVE-2018-1000079](https://security-tracker.debian.org/tracker/CVE-2018-1000079)\nPath Traversal vulnerability during gem installation.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.1.5-2+deb8u4.\n\n\nWe recommend that you upgrade your ruby2.1 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "published": "2018-07-14T00:00:00", "modified": "2023-06-28T06:20:41", "epss": [{"cve": "CVE-2015-9096", "epss": 0.00341, "percentile": 0.6739, "modified": "2023-06-25"}, {"cve": "CVE-2016-2339", "epss": 0.0105, "percentile": 0.81897, "modified": "2023-06-03"}, {"cve": "CVE-2016-7798", "epss": 0.00383, "percentile": 0.69143, "modified": "2023-06-03"}, {"cve": "CVE-2017-0898", "epss": 0.02228, "percentile": 0.87926, "modified": "2023-06-25"}, {"cve": "CVE-2017-0899", "epss": 0.02995, "percentile": 0.89486, "modified": "2023-06-25"}, {"cve": "CVE-2017-0900", "epss": 0.02546, "percentile": 0.88674, "modified": "2023-06-25"}, {"cve": "CVE-2017-0901", "epss": 0.00799, "percentile": 0.79247, "modified": "2023-06-25"}, {"cve": "CVE-2017-0902", "epss": 0.01051, "percentile": 0.81961, "modified": "2023-06-25"}, {"cve": "CVE-2017-0903", "epss": 0.0983, "percentile": 0.93981, "modified": "2023-06-25"}, {"cve": "CVE-2017-10784", "epss": 0.01607, "percentile": 0.8563, "modified": "2023-06-25"}, {"cve": "CVE-2017-14033", "epss": 0.01312, "percentile": 0.84021, "modified": "2023-06-23"}, {"cve": "CVE-2017-14064", "epss": 0.00801, "percentile": 0.79255, "modified": "2023-06-23"}, {"cve": "CVE-2017-17405", "epss": 0.94978, "percentile": 0.98938, "modified": "2023-06-23"}, {"cve": "CVE-2017-17742", "epss": 0.00914, "percentile": 0.80604, "modified": "2023-06-23"}, {"cve": "CVE-2017-17790", "epss": 0.028, "percentile": 0.89171, "modified": "2023-06-23"}, {"cve": "CVE-2018-1000075", "epss": 0.0192, "percentile": 0.8689, "modified": "2023-06-19"}, {"cve": "CVE-2018-1000076", "epss": 0.02168, "percentile": 0.87746, "modified": "2023-06-19"}, {"cve": "CVE-2018-1000077", "epss": 0.00575, "percentile": 0.74872, "modified": "2023-06-19"}, {"cve": "CVE-2018-1000078", "epss": 0.01044, "percentile": 0.81894, "modified": "2023-06-19"}, {"cve": "CVE-2018-1000079", "epss": 0.01031, "percentile": 0.8177, "modified": "2023-06-19"}, {"cve": "CVE-2018-6914", "epss": 0.00292, "percentile": 0.64703, "modified": "2023-06-23"}, {"cve": "CVE-2018-8777", "epss": 0.01157, "percentile": 0.82896, "modified": "2023-06-23"}, {"cve": "CVE-2018-8778", "epss": 0.0051, "percentile": 0.73307, "modified": "2023-06-23"}, {"cve": "CVE-2018-8779", "epss": 0.00373, "percentile": 0.68828, "modified": "2023-06-23"}, {"cve": "CVE-2018-8780", "epss": 0.00256, "percentile": 0.62177, "modified": "2023-06-23"}], "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 9.3}, "severity": "HIGH", "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://osv.dev/vulnerability/DLA-1421-1", "reporter": "Google", "references": ["https://www.debian.org/lts/security/2018/dla-1421"], "cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "immutableFields": [], "lastseen": "2023-06-28T06:20:46", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2017-0898", "ALPINE:CVE-2017-0899", "ALPINE:CVE-2017-0900", "ALPINE:CVE-2017-0901", "ALPINE:CVE-2017-0902", "ALPINE:CVE-2017-10784", "ALPINE:CVE-2017-14033", "ALPINE:CVE-2017-14064", "ALPINE:CVE-2017-17405", "ALPINE:CVE-2017-17742", "ALPINE:CVE-2018-6914", "ALPINE:CVE-2018-8777", "ALPINE:CVE-2018-8778", "ALPINE:CVE-2018-8779", "ALPINE:CVE-2018-8780", "ALPINE:CVE-2019-16254"]}, {"type": "amazon", "idList": ["ALAS-2017-880", "ALAS-2017-906", "ALAS-2017-915", "ALAS-2018-978", "ALAS-2018-983", "ALAS-2020-1422", "ALAS2-2018-983", "ALAS2-2019-1276"]}, {"type": "apple", "idList": ["APPLE:395E729CF93F555C415D358DB1C43E9A", "APPLE:CCBE145FF9FF633165B1339D00B64FBE", "APPLE:HT208937", "APPLE:HT209193"]}, {"type": "archlinux", "idList": ["ASA-201910-2", "ASA-201910-5"]}, {"type": "centos", "idList": ["CESA-2018:0378", "CESA-2019:2028"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2018-0786"]}, {"type": "cve", "idList": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780", "CVE-2019-16254"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1112-1:73A63", "DEBIAN:DLA-1113-1:5D775", "DEBIAN:DLA-1114-1:DA09C", "DEBIAN:DLA-1221-1:ED521", "DEBIAN:DLA-1222-1:52952", "DEBIAN:DLA-1336-1:6D7A9", "DEBIAN:DLA-1337-1:96561", "DEBIAN:DLA-1358-1:90D15", "DEBIAN:DLA-1359-1:34A55", "DEBIAN:DLA-1421-1:5BC60", "DEBIAN:DLA-1796-1:396E7", "DEBIAN:DLA-1796-1:B8D0E", "DEBIAN:DLA-2007-1:ADCBE", "DEBIAN:DLA-2027-1:E0E48", "DEBIAN:DLA-2027-1:EAF7A", "DEBIAN:DLA-2330-1:B8DE4", "DEBIAN:DSA-3966-1:856A1", "DEBIAN:DSA-4031-1:AC0D9", "DEBIAN:DSA-4031-1:E476F", "DEBIAN:DSA-4219-1:390E1", "DEBIAN:DSA-4219-1:E4A25", "DEBIAN:DSA-4259-1:4394F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-9096", "DEBIANCVE:CVE-2016-2339", "DEBIANCVE:CVE-2016-7798", "DEBIANCVE:CVE-2017-0898", "DEBIANCVE:CVE-2017-0899", "DEBIANCVE:CVE-2017-0900", "DEBIANCVE:CVE-2017-0901", "DEBIANCVE:CVE-2017-0902", "DEBIANCVE:CVE-2017-0903", "DEBIANCVE:CVE-2017-10784", "DEBIANCVE:CVE-2017-14033", "DEBIANCVE:CVE-2017-14064", "DEBIANCVE:CVE-2017-17405", "DEBIANCVE:CVE-2017-17742", "DEBIANCVE:CVE-2017-17790", "DEBIANCVE:CVE-2018-1000075", "DEBIANCVE:CVE-2018-1000076", "DEBIANCVE:CVE-2018-1000077", "DEBIANCVE:CVE-2018-1000078", "DEBIANCVE:CVE-2018-1000079", "DEBIANCVE:CVE-2018-6914", "DEBIANCVE:CVE-2018-8777", "DEBIANCVE:CVE-2018-8778", "DEBIANCVE:CVE-2018-8779", "DEBIANCVE:CVE-2018-8780", "DEBIANCVE:CVE-2019-16254"]}, {"type": "exploitdb", "idList": ["EDB-ID:43381"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:57490CE94334ED1833A4BB4813DF5DBA"]}, {"type": "f5", "idList": ["F5:K01730454", "F5:K30215094", "F5:K52952871", "F5:K80173446", "F5:K84262603", "F5:K91125274"]}, {"type": "fedora", "idList": ["FEDORA:009C660129DA", "FEDORA:088B06056091", "FEDORA:16FA760E0F1F", "FEDORA:25C2160C79BC", "FEDORA:2F4476087D71", "FEDORA:2FE52602F595", "FEDORA:444C26012FEA", "FEDORA:46BE0604D0C3", "FEDORA:605EC60A618F", "FEDORA:B7F0960779B4", "FEDORA:BDC5661615F6", "FEDORA:C441860BEEC4", "FEDORA:E680D6015E29", "FEDORA:E6D0D60C3A66", "FEDORA:EB90F61CDEB4"]}, {"type": "freebsd", "idList": ["2C8BD00D-ADA2-11E7-82AF-8DBFF7D75206", "95B01379-9D52-11E7-A25C-471BAFC3262F", "DD644964-E10E-11E7-8097-0800271D4B9C", "EB69BCF2-18EF-4AA2-BB0C-83B263364089"]}, {"type": "gentoo", "idList": ["GLSA-201710-01", "GLSA-201710-18", "GLSA-201802-05"]}, {"type": "github", "idList": ["GHSA-6H88-QJPV-P32M", "GHSA-73W7-6W9G-GC8W", "GHSA-74PV-V9GH-H25P", "GHSA-7GCP-2GMQ-W3XH", "GHSA-87QX-G5WG-MWMJ", "GHSA-8QXG-MFF5-J3WC", "GHSA-GV86-43RV-79M2", "GHSA-MC6J-H948-V2P6", "GHSA-MQWR-4QF2-2HCV", "GHSA-P7F2-RR42-M9XM", "GHSA-PM9X-4392-2C2P"]}, {"type": "hackerone", "idList": ["H1:153794", "H1:209949", "H1:212241", "H1:218088", "H1:223363", "H1:226335", "H1:243003", "H1:243156", "H1:274267", "H1:274990", "H1:294462", "H1:298246", "H1:302298", "H1:302338", "H1:302997", "H1:331984"]}, {"type": "ibm", "idList": ["31359A37AFB010E466A90578BA823420CC754A700E094BB76117E922CAC2B160"]}, {"type": "mageia", "idList": ["MGASA-2016-0342", "MGASA-2017-0290", "MGASA-2017-0371", "MGASA-2017-0482", "MGASA-2017-0486", "MGASA-2018-0411", "MGASA-2019-0062", "MGASA-2020-0243", "MGASA-2020-0440"]}, {"type": "nessus", "idList": ["AL2_ALAS-2018-983.NASL", "AL2_ALAS-2019-1276.NASL", "ALA_ALAS-2017-880.NASL", "ALA_ALAS-2017-906.NASL", "ALA_ALAS-2017-915.NASL", "ALA_ALAS-2018-978.NASL", "ALA_ALAS-2018-983.NASL", "ALA_ALAS-2020-1422.NASL", "CENTOS_RHSA-2018-0378.NASL", "CENTOS_RHSA-2019-2028.NASL", "DEBIAN_DLA-1112.NASL", "DEBIAN_DLA-1113.NASL", "DEBIAN_DLA-1114.NASL", "DEBIAN_DLA-1221.NASL", "DEBIAN_DLA-1222.NASL", "DEBIAN_DLA-1336.NASL", "DEBIAN_DLA-1337.NASL", "DEBIAN_DLA-1358.NASL", "DEBIAN_DLA-1359.NASL", "DEBIAN_DLA-1421.NASL", "DEBIAN_DLA-1796.NASL", "DEBIAN_DLA-2007.NASL", "DEBIAN_DLA-2027.NASL", "DEBIAN_DLA-2330.NASL", "DEBIAN_DLA-3408.NASL", "DEBIAN_DSA-3966.NASL", "DEBIAN_DSA-4031.NASL", "DEBIAN_DSA-4219.NASL", "DEBIAN_DSA-4259.NASL", "EULEROS_SA-2017-1050.NASL", "EULEROS_SA-2017-1051.NASL", "EULEROS_SA-2018-1029.NASL", "EULEROS_SA-2018-1030.NASL", "EULEROS_SA-2018-1066.NASL", "EULEROS_SA-2018-1067.NASL", "EULEROS_SA-2018-1108.NASL", "EULEROS_SA-2018-1143.NASL", "EULEROS_SA-2018-1206.NASL", "EULEROS_SA-2018-1207.NASL", "EULEROS_SA-2018-1248.NASL", "EULEROS_SA-2018-1275.NASL", "EULEROS_SA-2018-1347.NASL", "EULEROS_SA-2019-1407.NASL", "EULEROS_SA-2019-1428.NASL", "EULEROS_SA-2019-1617.NASL", "EULEROS_SA-2019-1868.NASL", "EULEROS_SA-2019-1990.NASL", "EULEROS_SA-2019-2230.NASL", "EULEROS_SA-2019-2250.NASL", "EULEROS_SA-2020-1031.NASL", "EULEROS_SA-2020-1051.NASL", "EULEROS_SA-2020-1130.NASL", "EULEROS_SA-2020-1195.NASL", "EULEROS_SA-2020-1432.NASL", "EULEROS_SA-2020-1443.NASL", "EULEROS_SA-2020-1548.NASL", "EULEROS_SA-2020-2139.NASL", "EULEROS_SA-2020-2395.NASL", "EULEROS_SA-2021-1845.NASL", "EULEROS_SA-2021-2445.NASL", "FEDORA_2017-20214AD330.NASL", "FEDORA_2017-4166994614.NASL", "FEDORA_2017-7FAA3D2E78.NASL", "FEDORA_2017-81CF93B7C2.NASL", "FEDORA_2017-E136D63C99.NASL", "FEDORA_2017-F16BA664E7.NASL", "FEDORA_2017-F318871E3B.NASL", "FEDORA_2018-1FFFA787E7.NASL", "FEDORA_2018-40ED78700C.NASL", "FEDORA_2018-75E780A7C2.NASL", "FEDORA_2018-A459ACD54B.NASL", "FEDORA_2018-DD8162C004.NASL", "FREEBSD_PKG_2C8BD00DADA211E782AF8DBFF7D75206.NASL", "FREEBSD_PKG_95B013799D5211E7A25C471BAFC3262F.NASL", "FREEBSD_PKG_DD644964E10E11E780970800271D4B9C.NASL", "FREEBSD_PKG_EB69BCF218EF4AA2BB0C83B263364089.NASL", "GENTOO_GLSA-201710-01.NASL", "GENTOO_GLSA-201710-18.NASL", "GENTOO_GLSA-201802-05.NASL", "MACOSX_SECUPD2018-004.NASL", "MACOSX_SECUPD2018-005.NASL", "MACOS_10_13_6.NASL", "NEWSTART_CGSL_NS-SA-2019-0013_RUBY.NASL", "NEWSTART_CGSL_NS-SA-2019-0221_RUBY.NASL", "NEWSTART_CGSL_NS-SA-2019-0245_RUBY.NASL", "OPENSUSE-2017-435.NASL", "OPENSUSE-2017-527.NASL", "OPENSUSE-2019-1771.NASL", "ORACLELINUX_ELSA-2018-0378.NASL", "ORACLELINUX_ELSA-2021-2587.NASL", "ORACLELINUX_ELSA-2021-2588.NASL", "PHOTONOS_PHSA-2017-0002.NASL", "PHOTONOS_PHSA-2017-0002_RUBY.NASL", "PHOTONOS_PHSA-2017-0034.NASL", "PHOTONOS_PHSA-2017-0034_RUBY.NASL", "PHOTONOS_PHSA-2017-0037.NASL", "PHOTONOS_PHSA-2017-0037_RUBY.NASL", "PHOTONOS_PHSA-2018-1_0-0098-A.NASL", "PHOTONOS_PHSA-2018-1_0-0098-A_RUBY.NASL", "PHOTONOS_PHSA-2018-1_0-0100.NASL", "PHOTONOS_PHSA-2018-1_0-0100_RUBY.NASL", "PHOTONOS_PHSA-2018-2_0-0011-A.NASL", "PHOTONOS_PHSA-2018-2_0-0011-A_RUBY.NASL", "PHOTONOS_PHSA-2018-2_0-0013.NASL", "PHOTONOS_PHSA-2018-2_0-0013_RUBY.NASL", "REDHAT-RHSA-2018-0378.NASL", "REDHAT-RHSA-2019-2028.NASL", "REDHAT-RHSA-2019-2806.NASL", "REDHAT-RHSA-2020-0542.NASL", "REDHAT-RHSA-2020-0591.NASL", "REDHAT-RHSA-2020-0663.NASL", "REDHAT-RHSA-2020-1963.NASL", "REDHAT-RHSA-2020-2212.NASL", "REDHAT-RHSA-2020-2288.NASL", "ROCKY_LINUX_RLSA-2021-2587.NASL", "ROCKY_LINUX_RLSA-2021-2588.NASL", "SLACKWARE_SSA_2017-261-03.NASL", "SLACKWARE_SSA_2017-353-01.NASL", "SLACKWARE_SSA_2018-088-01.NASL", "SL_20180228_RUBY_ON_SL7_X.NASL", "SL_20190806_RUBY_ON_SL7_X.NASL", "SUSE_SU-2017-1067-1.NASL", "SUSE_SU-2019-1804-1.NASL", "SUSE_SU-2020-1570-1.NASL", "UBUNTU_USN-3365-1.NASL", "UBUNTU_USN-3439-1.NASL", "UBUNTU_USN-3515-1.NASL", "UBUNTU_USN-3528-1.NASL", "UBUNTU_USN-3553-1.NASL", "UBUNTU_USN-3621-1.NASL", "UBUNTU_USN-3621-2.NASL", "UBUNTU_USN-3685-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703966", "OPENVAS:1361412562310704031", "OPENVAS:1361412562310704219", "OPENVAS:1361412562310704259", "OPENVAS:1361412562310814421", "OPENVAS:1361412562310843256", "OPENVAS:1361412562310843684", "OPENVAS:1361412562310843690", "OPENVAS:1361412562310843695", "OPENVAS:1361412562310843725", "OPENVAS:1361412562310843742", "OPENVAS:1361412562310843749", "OPENVAS:1361412562310843784", "OPENVAS:1361412562310843791", "OPENVAS:1361412562310851531", "OPENVAS:1361412562310851543", "OPENVAS:1361412562310852623", "OPENVAS:1361412562310873215", "OPENVAS:1361412562310873220", "OPENVAS:1361412562310873307", "OPENVAS:1361412562310873354", "OPENVAS:1361412562310873376", "OPENVAS:1361412562310873953", "OPENVAS:1361412562310874041", "OPENVAS:1361412562310874125", "OPENVAS:1361412562310874180", "OPENVAS:1361412562310874232", "OPENVAS:1361412562310874622", "OPENVAS:1361412562310874655", "OPENVAS:1361412562310882847", "OPENVAS:1361412562310891112", "OPENVAS:1361412562310891113", "OPENVAS:1361412562310891114", "OPENVAS:1361412562310891336", "OPENVAS:1361412562310891337", "OPENVAS:1361412562310891358", "OPENVAS:1361412562310891359", "OPENVAS:1361412562310891421", "OPENVAS:1361412562310891796", "OPENVAS:1361412562310892007", "OPENVAS:1361412562310892027", "OPENVAS:1361412562311220171050", "OPENVAS:1361412562311220171051", "OPENVAS:1361412562311220181029", "OPENVAS:1361412562311220181030", "OPENVAS:1361412562311220181066", "OPENVAS:1361412562311220181067", "OPENVAS:1361412562311220181108", "OPENVAS:1361412562311220181143", "OPENVAS:1361412562311220181206", "OPENVAS:1361412562311220181207", "OPENVAS:1361412562311220181248", "OPENVAS:1361412562311220181275", "OPENVAS:1361412562311220181347", "OPENVAS:1361412562311220191407", "OPENVAS:1361412562311220191428", "OPENVAS:1361412562311220191868", "OPENVAS:1361412562311220191990", "OPENVAS:1361412562311220192230", "OPENVAS:1361412562311220192250", "OPENVAS:1361412562311220201031", "OPENVAS:1361412562311220201051", "OPENVAS:1361412562311220201130", "OPENVAS:1361412562311220201195", "OPENVAS:1361412562311220201432", "OPENVAS:1361412562311220201443", "OPENVAS:1361412562311220201548"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0378", "ELSA-2019-2028"]}, {"type": "osv", "idList": ["OSV:CVE-2017-0898", "OSV:CVE-2017-14033", "OSV:CVE-2017-17742", "OSV:CVE-2019-16254", "OSV:DLA-1112-1", "OSV:DLA-1113-1", "OSV:DLA-1114-1", "OSV:DLA-1221-1", "OSV:DLA-1222-1", "OSV:DLA-1336-1", "OSV:DLA-1337-1", "OSV:DLA-1358-1", "OSV:DLA-1359-1", "OSV:DLA-1796-1", "OSV:DLA-2007-1", "OSV:DLA-2330-1", "OSV:DLA-3408-1", "OSV:DSA-3966-1", "OSV:DSA-4031-1", "OSV:DSA-4219-1", "OSV:DSA-4259-1", "OSV:GHSA-6H88-QJPV-P32M", "OSV:GHSA-73W7-6W9G-GC8W", "OSV:GHSA-74PV-V9GH-H25P", "OSV:GHSA-7GCP-2GMQ-W3XH", "OSV:GHSA-87QX-G5WG-MWMJ", "OSV:GHSA-8QXG-MFF5-J3WC", "OSV:GHSA-GV86-43RV-79M2", "OSV:GHSA-MC6J-H948-V2P6", "OSV:GHSA-MQWR-4QF2-2HCV", "OSV:GHSA-P7F2-RR42-M9XM", "OSV:GHSA-PM9X-4392-2C2P"]}, {"type": "photon", "idList": ["PHSA-2017-0034", "PHSA-2017-0070", "PHSA-2017-0076", "PHSA-2018-0011", "PHSA-2018-0013", "PHSA-2018-0098", "PHSA-2018-1.0-0098-A", "PHSA-2018-1.0-0100", "PHSA-2018-2.0-0011-A", "PHSA-2018-2.0-0013"]}, {"type": "redhat", "idList": ["RHSA-2017:3485", "RHSA-2018:0378", "RHSA-2018:0583", "RHSA-2018:0584", "RHSA-2018:0585", "RHSA-2018:3729", "RHSA-2018:3730", "RHSA-2018:3731", "RHSA-2019:2028", "RHSA-2019:2806", "RHSA-2020:0542", "RHSA-2020:0591", "RHSA-2020:0663", "RHSA-2020:1963", "RHSA-2020:2212", "RHSA-2020:2288"]}, {"type": "redhatcve", "idList": ["RH:CVE-2015-9096", "RH:CVE-2016-2339", "RH:CVE-2016-7798", "RH:CVE-2017-0898", "RH:CVE-2017-0899", "RH:CVE-2017-0900", "RH:CVE-2017-0901", "RH:CVE-2017-0902", "RH:CVE-2017-0903", "RH:CVE-2017-10784", "RH:CVE-2017-14033", "RH:CVE-2017-14064", "RH:CVE-2017-17405", "RH:CVE-2017-17742", "RH:CVE-2017-17790", "RH:CVE-2018-1000075", "RH:CVE-2018-1000076", "RH:CVE-2018-1000077", "RH:CVE-2018-1000078", "RH:CVE-2018-1000079", "RH:CVE-2018-6914", "RH:CVE-2018-8777", "RH:CVE-2018-8778", "RH:CVE-2018-8779", "RH:CVE-2018-8780", "RH:CVE-2019-16254"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1966"]}, {"type": "rubygems", "idList": ["RUBY:RUBY-2017-17790", "RUBY:RUBY-2019-16254"]}, {"type": "seebug", "idList": ["SSV:96759", "SSV:96996"]}, {"type": "slackware", "idList": ["SSA-2017-261-03", "SSA-2017-353-01", "SSA-2018-088-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0933-1", "OPENSUSE-SU-2017:1128-1", "OPENSUSE-SU-2019:1771-1", "SUSE-SU-2017:0914-1", "SUSE-SU-2017:1067-1"]}, {"type": "talos", "idList": ["TALOS-2016-0034"]}, {"type": "ubuntu", "idList": ["USN-3365-1", "USN-3439-1", "USN-3515-1", "USN-3528-1", "USN-3553-1", "USN-3621-1", "USN-3621-2", "USN-3626-1", "USN-3685-1", "USN-3685-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-9096", "UB:CVE-2016-2339", "UB:CVE-2016-7798", "UB:CVE-2017-0898", "UB:CVE-2017-0899", "UB:CVE-2017-0900", "UB:CVE-2017-0901", "UB:CVE-2017-0902", "UB:CVE-2017-0903", "UB:CVE-2017-10784", "UB:CVE-2017-14033", "UB:CVE-2017-14064", "UB:CVE-2017-17405", "UB:CVE-2017-17742", "UB:CVE-2017-17790", "UB:CVE-2018-1000075", "UB:CVE-2018-1000076", "UB:CVE-2018-1000077", "UB:CVE-2018-1000078", "UB:CVE-2018-1000079", "UB:CVE-2018-6914", "UB:CVE-2018-8777", "UB:CVE-2018-8778", "UB:CVE-2018-8779", "UB:CVE-2018-8780", "UB:CVE-2019-16254"]}, {"type": "veracode", "idList": ["VERACODE:12741", "VERACODE:12755", "VERACODE:13200", "VERACODE:18921", "VERACODE:18922", "VERACODE:18923", "VERACODE:18924", "VERACODE:18925", "VERACODE:18926", "VERACODE:18927", "VERACODE:19113", "VERACODE:19115", "VERACODE:19708", "VERACODE:19709", "VERACODE:19710", "VERACODE:19711", "VERACODE:19712", "VERACODE:19714", "VERACODE:19715", "VERACODE:19716", "VERACODE:19717", "VERACODE:6046"]}, {"type": "zdt", "idList": ["1337DAY-ID-28426", "1337DAY-ID-28760", "1337DAY-ID-29286"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "ruby2.1", "version": 2}, {"name": "ruby2.1", "version": 2}, {"name": "ruby2.1", "version": 2}, {"name": "ruby2.1", "version": 2}]}, "epss": [{"cve": "CVE-2017-0898", "epss": "0.061480000", "percentile": "0.923780000", "modified": "2023-03-20"}, {"cve": "CVE-2017-0900", "epss": "0.022300000", "percentile": "0.877600000", "modified": "2023-03-20"}, {"cve": "CVE-2017-17405", "epss": "0.948850000", "percentile": "0.987920000", "modified": "2023-03-20"}, {"cve": "CVE-2017-0903", "epss": "0.183730000", "percentile": "0.953600000", "modified": "2023-03-20"}, {"cve": "CVE-2018-8778", "epss": "0.004530000", "percentile": "0.712910000", "modified": "2023-03-20"}, {"cve": "CVE-2017-17742", "epss": "0.007450000", "percentile": "0.780330000", "modified": "2023-03-20"}, {"cve": "CVE-2017-0899", "epss": "0.040840000", "percentile": "0.907740000", "modified": "2023-03-20"}, {"cve": "CVE-2017-10784", "epss": "0.015990000", "percentile": "0.853970000", "modified": "2023-03-20"}, {"cve": "CVE-2018-8780", "epss": "0.002270000", "percentile": "0.592000000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1000078", "epss": "0.010440000", "percentile": "0.816940000", "modified": "2023-03-20"}, {"cve": "CVE-2016-2339", "epss": "0.010500000", "percentile": "0.817610000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1000075", "epss": "0.019200000", "percentile": "0.867520000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1000076", "epss": "0.021680000", "percentile": "0.875710000", "modified": "2023-03-20"}, {"cve": "CVE-2016-7798", "epss": "0.004130000", "percentile": "0.699500000", "modified": "2023-03-20"}, {"cve": "CVE-2017-0902", "epss": "0.013380000", "percentile": "0.839920000", "modified": "2023-03-20"}, {"cve": "CVE-2017-14033", "epss": "0.017770000", "percentile": "0.861110000", "modified": "2023-03-20"}, {"cve": "CVE-2017-17790", "epss": "0.030840000", "percentile": "0.894860000", "modified": "2023-03-20"}, {"cve": "CVE-2015-9096", "epss": "0.003930000", "percentile": "0.692060000", "modified": "2023-03-20"}, {"cve": "CVE-2018-8777", "epss": "0.013430000", "percentile": "0.840260000", "modified": "2023-03-20"}, {"cve": "CVE-2017-14064", "epss": "0.011490000", "percentile": "0.826090000", "modified": "2023-03-20"}, {"cve": "CVE-2017-0901", "epss": "0.006050000", "percentile": "0.752820000", "modified": "2023-03-20"}, {"cve": "CVE-2018-8779", "epss": "0.004080000", "percentile": "0.697680000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1000077", "epss": "0.005750000", "percentile": "0.745940000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1000079", "epss": "0.003630000", "percentile": "0.679910000", "modified": "2023-03-20"}, {"cve": "CVE-2018-6914", "epss": "0.002580000", "percentile": "0.618310000", "modified": "2023-03-20"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1687933356, "score": 1687933982, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "39129d33badb918a753aaf03138d0f93"}, "affectedSoftware": [{"version": "2.1.5-2", "operator": "eq", "name": "ruby2.1"}, {"version": "2.1.5-2+deb8u1", "operator": "eq", "name": "ruby2.1"}, {"version": "2.1.5-2+deb8u2", "operator": "eq", "name": "ruby2.1"}, {"version": "2.1.5-2+deb8u3", "operator": "eq", "name": "ruby2.1"}]}

{"openvas": [{"lastseen": "2020-01-29T20:07:15", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\nor MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby2.1 (DLA-1421-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2018-8778", "CVE-2017-17742", "CVE-2017-0899", "CVE-2017-10784", "CVE-2018-8780", "CVE-2018-1000078", "CVE-2016-2339", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2016-7798", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2015-9096", "CVE-2018-8777", "CVE-2017-14064", "CVE-2017-0901", "CVE-2018-8779", "CVE-2018-1000077", "CVE-2018-1000079", "CVE-2018-6914"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891421", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891421\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-2339\", \"CVE-2016-7798\", \"CVE-2017-0898\", \"CVE-2017-0899\",\n \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\",\n \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\",\n \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\",\n \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_name(\"Debian LTS: Security Advisory for ruby2.1 (DLA-1421-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-07-16 00:00:00 +0200 (Mon, 16 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"ruby2.1 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO\nor MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nDescription truncated. Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby2.1\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-dev\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-doc\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.1-tcltk\", ver:\"2.1.5-2+deb8u4\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:26", "description": "Check the version of ruby", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "CentOS Update for ruby CESA-2018:0378 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882847", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0378_ruby_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for ruby CESA-2018:0378 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882847\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:29:25 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\",\n \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\",\n \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ruby CESA-2018:0378 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ruby\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Ruby is an extensible, interpreted,\nobject-oriented, scripting language. It has features to process text files and\nto perform system management tasks.\n\nSecurity Fix(es):\n\n * It was discovered that the Net::FTP module did not properly process\nfilenames in combination with certain operations. A remote attacker could\nexploit this flaw to execute arbitrary commands by setting up a malicious\nFTP server and tricking a user or Ruby application into downloading files\nwith specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n * A buffer underflow was found in ruby's sprintf function. An attacker,\nwith ability to control its format string parameter, could send a specially\ncrafted string that would disclose heap memory or crash the interpreter.\n(CVE-2017-0898)\n\n * It was found that rubygems did not sanitize gem names during installation\nof a given gem. A specially crafted gem could use this flaw to install\nfiles outside of the regular directory. (CVE-2017-0901)\n\n * A vulnerability was found where rubygems did not sanitize DNS responses\nwhen requesting the hostname of the rubygems server for a domain, via a\n_rubygems._tcp DNS SRV query. An attacker with the ability to manipulate\nDNS responses could direct the gem command towards a different domain.\n(CVE-2017-0902)\n\n * A vulnerability was found where the rubygems module was vulnerable to an\nunsafe YAML deserialization when inspecting a gem. Applications inspecting\ngem files without installing them can be tricked to execute arbitrary code\nin the context of the ruby interpreter. (CVE-2017-0903)\n\n * It was found that WEBrick did not sanitize all its log messages. If logs\nwere printed in a terminal, an attacker could interact with the terminal\nvia the use of escape sequences. (CVE-2017-10784)\n\n * It was found that the decode method of the OpenSSL::ASN1 module was\nvulnerable to buffer underrun. An attacker could pass a specially crafted\nstring to the application in order to crash the ruby interpreter, causing a\ndenial of service. (CVE-2017-14033)\n\n * A vulnerability was found where rubygems did not properly sanitize gems'\nspecification text. A specially crafted gem could interact with the\nterminal via the use of escape sequences. (CVE-2017-0899)\n\n * It was found that rubygems could use an excessive amount of CPU while\nparsing a sufficiently long gem summary. A specially crafted gem from a gem\nrepository could freeze gem commands attempting to parse its summary.\n(CVE-2017-0900)\n\n * A buffer overflow vulnerability was found in the JSON extension of ruby.\nAn attacker with the ability to pass a specially crafted JSON input to the\nextension could use this flaw to ex ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"ruby on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0378\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-March/022791.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-doc\", rpm:\"ruby-doc~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-minitest\", rpm:\"rubygem-minitest~4.3.2~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rake\", rpm:\"rubygem-rake~0.9.6~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14.1~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"rubygems-devel\", rpm:\"rubygems-devel~2.0.14.1~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~2.0.0.648~33.el7_4\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:07:22", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to\nan HTTP response splitting vulnerability. It was possible for an attacker\nto inject fake HTTP responses if a script accepted an external input and\noutput it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot) in\nthe prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large\nrequest in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in\nsome methods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute", "cvss3": {}, "published": "2018-04-25T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby1.9.1 (DLA-1358-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2017-17742", "CVE-2018-8780", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-1000077", "CVE-2018-6914"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891358", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891358\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\",\n \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_name(\"Debian LTS: Security Advisory for ruby1.9.1 (DLA-1358-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 00:00:00 +0200 (Wed, 25 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"ruby1.9.1 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.9.3.194-8.1+deb7u8.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to\nan HTTP response splitting vulnerability. It was possible for an attacker\nto inject fake HTTP responses if a script accepted an external input and\noutput it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot) in\nthe prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large\nrequest in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in\nsome methods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.194-8.1+deb7u8\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:02", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191407", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191407", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1407\");\n script_version(\"2020-01-23T11:42:38+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:42:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:42:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-1407)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1407\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1407\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2019-1407 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.(CVE-2017-17405)\n\nThe 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.(CVE-2017-17790)\n\nIt was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.(CVE-2017-0900)\n\nIt was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.(CVE-2017-0901)\n\nA vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.(CVE-2017-0902)\n\nA vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.(CVE-2017-0899)\n\nA buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the inter preter's heap memory.(CVE-2017-14064)\n\nIt was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.(CVE-2017-10784)\n\nIt was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.(CVE-2017-14033)\n\nA buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.(CVE-2017-0898)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.(CVE-2017-0903)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14.1~33.h11\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1067)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181067", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181067", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1067\");\n script_version(\"2020-01-23T11:11:28+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:11:28 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:11:28 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1067)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1067\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1067\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1067 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\nA buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\nIt was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\nA vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\nIt was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\nIt was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\nA vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\nIt was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\nA buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181248", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181248", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1248\");\n script_version(\"2020-01-23T11:18:47+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:18:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:18:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1248)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1248\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1248\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1248 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '<pipe>' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.(CVE-2017-17790)\n\nA buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\n\nIt was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\nIt was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\nIt was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\nA vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\nIt was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\nIt was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\nA buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the inte ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~23.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.353~23.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.353~23.h7\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:13", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-17405", "CVE-2017-0903", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-0902", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181066", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181066", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1066\");\n script_version(\"2020-01-23T11:11:17+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:11:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:11:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1066)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1066\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1066\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1066 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\nA buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\nIt was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\nA vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\nIt was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\nIt was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\nA vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\nIt was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\nA buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h2\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:56:39", "description": "Several vulnerabilities have been discovered in the interpreter for the\nRuby language, which may result in incorrect processing of HTTP/FTP,\ndirectory traversal, command injection, unintended socket creation or\ninformation disclosure.\n\nThis update also fixes several issues in RubyGems which could allow an\nattacker to use specially crafted gem files to mount cross-site scripting\nattacks, cause denial of service through an infinite loop, write arbitrary\nfiles, or run malicious code.", "cvss3": {}, "published": "2018-07-31T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4259-1 (ruby2.3 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17405", "CVE-2018-8778", "CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-8780", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2017-17790", "CVE-2018-1000074", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-1000077", "CVE-2018-1000079", "CVE-2018-6914"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704259", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704259", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4259-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704259\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\", \"CVE-2018-1000073\", \"CVE-2018-1000074\",\n \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\",\n \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_name(\"Debian Security Advisory DSA 4259-1 (ruby2.3 - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-31 00:00:00 +0200 (Tue, 31 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4259.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ruby2.3 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 2.3.3-1+deb9u3.\n\nWe recommend that you upgrade your ruby2.3 packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/ruby2.3\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the interpreter for the\nRuby language, which may result in incorrect processing of HTTP/FTP,\ndirectory traversal, command injection, unintended socket creation or\ninformation disclosure.\n\nThis update also fixes several issues in RubyGems which could allow an\nattacker to use specially crafted gem files to mount cross-site scripting\nattacks, cause denial of service through an infinite loop, write arbitrary\nfiles, or run malicious code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.3-dev\", ver:\"2.3.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.3-doc\", ver:\"2.3.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby2.3-tcltk\", ver:\"2.3.3-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:58", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2018-8780", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181207", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1207\");\n script_version(\"2020-01-23T11:17:32+0000\");\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:32 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:32 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1207)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1207\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1207\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1207 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\nA integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\nIt was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\nIt was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\nIt was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000075)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000076)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h10\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:13", "description": "Multiple vulnerabilities were discovered in the interpreter for the Ruby\nlanguage:\n\nCVE-2015-9096\nSMTP command injection in Net::SMTP.\n\nCVE-2016-7798\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nCVE-2017-0900\nDenial of service in the RubyGems client.\n\nCVE-2017-0901\nPotential file overwrite in the RubyGems client.\n\nCVE-2017-0902\nDNS hijacking in the RubyGems client.\n\nCVE-2017-14064\nHeap memory disclosure in the JSON library.", "cvss3": {}, "published": "2017-09-05T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3966-1 (ruby2.3 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0900", "CVE-2017-0899", "CVE-2016-7798", "CVE-2017-0902", "CVE-2015-9096", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703966", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3966.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3966-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703966\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-7798\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-14064\");\n script_name(\"Debian Security Advisory DSA 3966-1 (ruby2.3 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-05 00:00:00 +0200 (Tue, 05 Sep 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3966.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ruby2.3 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 2.3.3-1+deb9u1. This update also hardens RubyGems against\nmalicious terminal escape sequences (CVE-2017-0899\n).\n\nWe recommend that you upgrade your ruby2.3 packages.\");\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in the interpreter for the Ruby\nlanguage:\n\nCVE-2015-9096\nSMTP command injection in Net::SMTP.\n\nCVE-2016-7798\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nCVE-2017-0900\nDenial of service in the RubyGems client.\n\nCVE-2017-0901\nPotential file overwrite in the RubyGems client.\n\nCVE-2017-0902\nDNS hijacking in the RubyGems client.\n\nCVE-2017-14064\nHeap memory disclosure in the JSON library.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-dev\", ver:\"2.3.3-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-doc\", ver:\"2.3.3-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-tcltk\", ver:\"2.3.3-1+deb9u1\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:49", "description": "Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability\n\nCVE-2017-0900\n\nDOS vulernerability in the query command\n\nCVE-2017-0901\n\ngem installer allows a malicious gem to overwrite arbitrary files\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic\nauthentication of WEBrick\n\nCVE-2017-14033\n\nBuffer underrun vulnerability in OpenSSL ASN1 decode\n\nCVE-2017-14064\n\nHeap exposure vulnerability in generating JSON", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby1.9.1 (DLA-1114-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891114", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891114", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891114\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_name(\"Debian LTS: Security Advisory for ruby1.9.1 (DLA-1114-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00029.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"ruby1.9.1 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.9.3.194-8.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were discovered in the Ruby 1.9 interpreter.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability\n\nCVE-2017-0900\n\nDOS vulernerability in the query command\n\nCVE-2017-0901\n\ngem installer allows a malicious gem to overwrite arbitrary files\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic\nauthentication of WEBrick\n\nCVE-2017-14033\n\nBuffer underrun vulnerability in OpenSSL ASN1 decode\n\nCVE-2017-14064\n\nHeap exposure vulnerability in generating JSON\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.194-8.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-30T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2018-7be77249d4", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2017-17742", "CVE-2018-8780", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874622", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874622", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_7be77249d4_ruby_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2018-7be77249d4\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874622\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-30 06:01:49 +0200 (Wed, 30 May 2018)\");\n script_cve_id(\"CVE-2018-8778\", \"CVE-2017-17742\", \"CVE-2018-8777\", \"CVE-2018-8780\",\n \"CVE-2018-8779\", \"CVE-2018-6914\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2018-7be77249d4\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-7be77249d4\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KRAKUSUYQIEYABLOEAHQN3IUK466S4W2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.4.4~88.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:23", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to\nan HTTP response splitting vulnerability. It was possible for an attacker\nto inject fake HTTP responses if a script accepted an external input and\noutput it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot) in\nthe prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large\nrequest in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in\nsome methods in Dir, by the lack of checking for NUL bytes in their\nparameter.", "cvss3": {}, "published": "2018-04-25T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby1.8 (DLA-1359-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2017-17742", "CVE-2018-8780", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891359", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891359\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_name(\"Debian LTS: Security Advisory for ruby1.8 (DLA-1359-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-25 00:00:00 +0200 (Wed, 25 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"ruby1.8 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.8.7.358-7.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.8 packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies the\nfollowing issues:\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to\nan HTTP response splitting vulnerability. It was possible for an attacker\nto inject fake HTTP responses if a script accepted an external input and\noutput it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot) in\nthe prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large\nrequest in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in\nsome methods in Dir, by the lack of checking for NUL bytes in their\nparameter.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-full\", ver:\"1.8.7.358-7.1+deb7u6\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:04", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-06-07T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2018-a459acd54b", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2017-17742", "CVE-2018-8780", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874655", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_a459acd54b_ruby_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2018-a459acd54b\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874655\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-06-07 05:57:35 +0200 (Thu, 07 Jun 2018)\");\n script_cve_id(\"CVE-2018-8778\", \"CVE-2017-17742\", \"CVE-2018-8777\", \"CVE-2018-8780\",\n \"CVE-2018-8779\", \"CVE-2018-6914\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2018-a459acd54b\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-a459acd54b\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3MEM2H6I3H7GKJJSOW6KKWZJCEDDDKLE\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.4.4~89.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3685-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0903", "CVE-2017-17742", "CVE-2017-10784", "CVE-2017-0902", "CVE-2018-1000074", "CVE-2018-8777", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843784", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843784", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3685_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby2.3 USN-3685-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843784\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-14064\", \"CVE-2017-10784\", \"CVE-2017-17742\", \"CVE-2018-1000074\", \"CVE-2018-8777\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:18:53 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3685-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3685-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3685-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the USN-3685-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Some of these CVE were already addressed in previous\nUSN: 3439-1, 3553-1, 3528-1. Here we address for\nthe remain releases.\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a buffer overrun. (CVE-2017-0898)\n\nIt was discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby was vulnerable to a DNS hijacking\nvulnerability. An attacker could use this to possibly force the\nRubyGems client to download and install gems from a server that the\nattacker controls. (CVE-2017-0902)\n\nIt was discovered that Ruby incorrectly handled certain YAML files.\nAn attacker could use this to possibly execute arbitrary code.\n(CVE-2017-0903)\n\nIt was discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to expose sensitive information.\n(CVE-2017-14064)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to execute arbitrary code. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain network\nrequests. An attacker could possibly use this to inject a crafted key\ninto a HTTP response. (CVE-2017-17742)\n\nIt was discovered that Ruby incorrectly handled certain files.\nAn attacker could possibly use this to execute arbitrary code.\nThis update is only addressed to ruby2.0. (CVE-2018-1000074)\n\nIt was discovered that Ruby incorrectly handled certain network\nrequests. An attacker could possibly use this to cause a denial of\nservice. (CVE-2018-8777)\");\n\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby2.0\", ver:\"2.0.0.484-1ubuntu2.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.12\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.0\", ver:\"2.0.0.484-1ubuntu2.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu1.6\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu1.6\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.10\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.10\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:08", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2018-8780", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181275", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181275", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1275\");\n script_version(\"2020-01-23T11:19:47+0000\");\n script_cve_id(\"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:19:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:19:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1275)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1275\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1275\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1275 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\nA integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\nIt was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\nIt was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\nIt was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization 2.5.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~23.h8\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.353~23.h8\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.353~23.h8\", rls:\"EULEROSVIRT-2.5.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby1.9.1 USN-3439-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0900", "CVE-2017-0899", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-0901", "CVE-2017-10748"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3439_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby1.9.1 USN-3439-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843791\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-10748\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:20:37 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby1.9.1 USN-3439-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3439-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3439-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby1.9.1'\n package(s) announced via the USN-3439-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a buffer overrun.\n(CVE-2017-0898)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to execute terminal escape sequences.\n(CVE-2017-0899)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a denial of service.\n(CVE-2017-0900)\n\nIt was discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to execute arbitrary code.\n(CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a denial of service.\n(CVE-2017-14033)\n\nIt was discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to expose sensitive information.\n(CVE-2017-14064)\");\n\n script_tag(name:\"affected\", value:\"ruby1.9.1 on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.5\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1206)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2018-8780", "CVE-2018-8777", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181206", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181206", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1206\");\n script_version(\"2020-01-23T11:17:27+0000\");\n script_cve_id(\"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:17:27 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:17:27 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1206)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1206\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1206\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1206 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\nA integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\nIt was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\nIt was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\nIt was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h11\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:55", "description": "Multiple vulnerabilities were found in the rubygems package management\nframework, embedded in JRuby, a pure-Java implementation of the Ruby\nprogramming language.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for jruby (DLA-1337-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891337", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891337\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\");\n script_name(\"Debian LTS: Security Advisory for jruby (DLA-1337-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-03 00:00:00 +0200 (Tue, 03 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"jruby on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.5.6-5+deb7u1.\n\nWe recommend that you upgrade your jruby packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in the rubygems package management\nframework, embedded in JRuby, a pure-Java implementation of the Ruby\nprogramming language.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"jruby\", ver:\"1.5.6-5+deb7u1\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-03T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2018-40ed78700c", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2017-17790", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874180", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874180", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_40ed78700c_ruby_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2018-40ed78700c\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874180\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-03 08:24:14 +0100 (Sat, 03 Mar 2018)\");\n script_cve_id(\"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\",\n \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2018-40ed78700c\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-40ed78700c\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DL3WGQQLKJ73OT36WELFBEKK53MVADZ7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.4.3~87.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3528-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-10784", "CVE-2017-14033", "CVE-2017-17790", "CVE-2017-14064"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843684", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843684", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3528_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby2.3 USN-3528-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843684\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:06:44 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3528-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3528-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3528-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the USN-3528-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ruby incorrectly handled certain terminal\nemulator escape sequences. An attacker could use this to execute\narbitrary code via a crafted user name. This issue only affected Ubuntu\n16.04 LTS and Ubuntu 17.10. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain strings.\nAn attacker could use this to cause a denial of service. This issue\nonly affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033)\n\nIt was discovered that Ruby incorrectly handled some generating JSON.\nAn attacker could use this to possible expose sensitive information.\nThis issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10.\n(CVE-2017-14064)\n\nIt was discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to execute arbitrary code.\n(CVE-2017-17790)\");\n\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.7\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu1.2\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.5\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-16T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2017-e136d63c99", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0900", "CVE-2017-0899", "CVE-2017-0902", "CVE-2017-14064", "CVE-2017-0901"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873376", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_e136d63c99_ruby_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2017-e136d63c99\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873376\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-16 07:45:07 +0200 (Sat, 16 Sep 2017)\");\n script_cve_id(\"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\",\n \"CVE-2017-14064\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2017-e136d63c99\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-e136d63c99\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UFJE2REXNRTPGIHSNPRSAWTVCLFMRJZT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.3.4~64.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T20:07:15", "description": "Multiple vulnerabilities were found in rubygems, a package management framework\nfor Ruby.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute", "cvss3": {}, "published": "2018-04-02T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for rubygems (DLA-1336-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891336", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891336\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\");\n script_name(\"Debian LTS: Security Advisory for rubygems (DLA-1336-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-04-02 00:00:00 +0200 (Mon, 02 Apr 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00000.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"rubygems on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.8.24-1+deb7u2.\n\nWe recommend that you upgrade your rubygems packages.\");\n\n script_tag(name:\"summary\", value:\"Multiple vulnerabilities were found in rubygems, a package management framework\nfor Ruby.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could\ncause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed\ngem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid homepage\nURL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage\nattribute\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"rubygems\", ver:\"1.8.24-1+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rubygems-doc\", ver:\"1.8.24-1+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"rubygems1.8\", ver:\"1.8.24-1+deb7u2\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3626-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2018-8780", "CVE-2018-8779", "CVE-2018-6914"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843749", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3626_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby2.3 USN-3626-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843749\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-6914\", \"CVE-2018-8778\", \"CVE-2018-8780\", \"CVE-2018-8779\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:14:49 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3626-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3626-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3626-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the USN-3626-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-6914)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to access sensitive information.\n(CVE-2018-8778, CVE-2018-8780)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to connect to an unintended socket.\n(CVE-2018-8779)\");\n\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby2.0\", ver:\"2.0.0.484-1ubuntu2.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.11\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.0\", ver:\"2.0.0.484-1ubuntu2.9\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu1.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu1.5\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:57", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-03-14T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2018-1fffa787e7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2017-17790", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310874232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874232", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_1fffa787e7_ruby_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2018-1fffa787e7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874232\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:42:44 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\",\n \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2018-1fffa787e7\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-1fffa787e7\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3S76N37KL7MJ7HGXXFCBGNNDAZYHXVB7\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.4.3~87.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:53", "description": "Several vulnerabilities have been discovered in the interpreter for the\nRuby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2017-0898\naerodudrizzt reported a buffer underrun vulnerability in the sprintf\nmethod of the Kernel module resulting in heap memory corruption or\ninformation disclosure from the heap.\n\nCVE-2017-0903\nMax Justicz reported that RubyGems is prone to an unsafe object\ndeserialization vulnerability. When parsed by an application which\nprocesses gems, a specially crafted YAML formatted gem specification\ncan lead to remote code execution.\n\nCVE-2017-10784\nYusuke Endoh discovered an escape sequence injection vulnerability\nin the Basic authentication of WEBrick. An attacker can take\nadvantage of this flaw to inject malicious escape sequences to the\nWEBrick log and potentially execute control characters on the\nvictim", "cvss3": {}, "published": "2017-11-11T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4031-1 (ruby2.3 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310704031", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704031", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_4031.nasl 14284 2019-03-18 15:02:15Z cfischer $\n#\n# Auto-generated from advisory DSA 4031-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704031\");\n script_version(\"$Revision: 14284 $\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\");\n script_name(\"Debian Security Advisory DSA 4031-1 (ruby2.3 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 16:02:15 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-11 00:00:00 +0100 (Sat, 11 Nov 2017)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2017/dsa-4031.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ruby2.3 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 2.3.3-1+deb9u2.\n\nWe recommend that you upgrade your ruby2.3 packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the interpreter for the\nRuby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2017-0898\naerodudrizzt reported a buffer underrun vulnerability in the sprintf\nmethod of the Kernel module resulting in heap memory corruption or\ninformation disclosure from the heap.\n\nCVE-2017-0903\nMax Justicz reported that RubyGems is prone to an unsafe object\ndeserialization vulnerability. When parsed by an application which\nprocesses gems, a specially crafted YAML formatted gem specification\ncan lead to remote code execution.\n\nCVE-2017-10784\nYusuke Endoh discovered an escape sequence injection vulnerability\nin the Basic authentication of WEBrick. An attacker can take\nadvantage of this flaw to inject malicious escape sequences to the\nWEBrick log and potentially execute control characters on the\nvictim's terminal emulator when reading logs.\n\nCVE-2017-14033\nasac reported a buffer underrun vulnerability in the OpenSSL\nextension. A remote attacker can take advantage of this flaw to\ncause the Ruby interpreter to crash leading to a denial of service.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-dev\", ver:\"2.3.3-1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-doc\", ver:\"2.3.3-1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby2.3-tcltk\", ver:\"2.3.3-1+deb9u2\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-09-10T00:00:00", "type": "openvas", "title": "Fedora Update for rubygems FEDORA-2017-20214ad330", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0900", "CVE-2017-0899", "CVE-2017-0902", "CVE-2017-0901"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873354", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873354", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_20214ad330_rubygems_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rubygems FEDORA-2017-20214ad330\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873354\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-09-10 07:31:02 +0200 (Sun, 10 Sep 2017)\");\n script_cve_id(\"CVE-2017-0901\", \"CVE-2017-0900\", \"CVE-2017-0902\", \"CVE-2017-0899\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rubygems FEDORA-2017-20214ad330\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygems'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rubygems on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-20214ad330\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6JMATGPJ5E3KZ45Y3IQ2QOH7PHU4DOR\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.6.13~100.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3621-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843695", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843695", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3621_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby2.3 USN-3621-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843695\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:07:58 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3621-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3621-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3621-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the USN-3621-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to access sensitive information.\n(CVE-2018-1000073)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-1000074)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-1000075)\n\nIt was discovered that Ruby incorrectly handled certain crypto\nsignatures. An attacker could possibly use this to execute arbitrary\ncode. (CVE-2018-1000076)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079)\");\n\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.10,\n Ubuntu 16.04 LTS,\n Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby2.0\", ver:\"2.0.0.484-1ubuntu2.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.0\", ver:\"2.0.0.484-1ubuntu2.6\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu1.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu1.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.7\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby1.9.1 USN-3621-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843690", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843690", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3621_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby1.9.1 USN-3621-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843690\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-1000074\", \"CVE-2018-1000073\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:07:14 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby1.9.1 USN-3621-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3621-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3621-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby1.9.1'\n package(s) announced via the USN-3621-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3621-1 fixed vulnerabilities in Ruby. The update caused an issue\ndue to an incomplete patch for CVE-2018-1000074. This update reverts\nthe problematic patch pending further investigation.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to access sensitive information.\n(CVE-2018-1000073)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-1000074)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could possibly use this to cause a denial of service.\n(CVE-2018-1000075)\n\nIt was discovered that Ruby incorrectly handled certain crypto\nsignatures. An attacker could possibly use this to execute arbitrary\ncode. (CVE-2018-1000076)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could possibly use this to execute arbitrary code.\n(CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079)\");\n\n script_tag(name:\"affected\", value:\"ruby1.9.1 on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libruby2.0\", ver:\"2.0.0.484-1ubuntu2.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.484-2ubuntu1.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.484-2ubuntu1.10\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.0\", ver:\"2.0.0.484-1ubuntu2.8\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:39:55", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2230)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000078", "CVE-2016-7798", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192230", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192230", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2230\");\n script_version(\"2020-01-23T12:42:05+0000\");\n script_cve_id(\"CVE-2016-7798\", \"CVE-2017-17742\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:42:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2230)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2230\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2230\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2019-2230 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.(CVE-2016-7798)\n\nRuby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.(CVE-2017-17742)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000073)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000074)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000077)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000078)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h18.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h18.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h18.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-05T17:46:09", "description": "This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2018-11-02T00:00:00", "type": "openvas", "title": "Apple MacOSX Security Updates(HT209193)-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-17405", "CVE-2018-4288", "CVE-2018-8778", "CVE-2017-17742", "CVE-2017-10784", "CVE-2018-8780", "CVE-2018-4286", "CVE-2018-4287", "CVE-2018-4334", "CVE-2018-4242", "CVE-2018-4259", "CVE-2017-14033", "CVE-2018-6797", "CVE-2018-8777", "CVE-2017-14064", "CVE-2018-8779", "CVE-2018-4291", "CVE-2018-6914"], "modified": "2020-03-04T00:00:00", "id": "OPENVAS:1361412562310814421", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310814421", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple MacOSX Security Updates(HT209193)-01\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.814421\");\n script_version(\"2020-03-04T09:29:37+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\",\n \"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\",\n \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\", \"CVE-2018-6797\",\n \"CVE-2018-4259\", \"CVE-2018-4286\", \"CVE-2018-4287\", \"CVE-2018-4288\",\n \"CVE-2018-4291\", \"CVE-2018-4334\", \"CVE-2018-4242\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-04 09:29:37 +0000 (Wed, 04 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-11-02 10:56:30 +0530 (Fri, 02 Nov 2018)\");\n script_name(\"Apple MacOSX Security Updates(HT209193)-01\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Apple Mac OS X\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - A memory corruption issue related to improper locking.\n\n - Multiple memory corruption issues related to improper memory handling.\n\n - Multiple issues in Perl related to improper memory handling.\n\n - Multiple issues in Ruby.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows attackers to\n cause unexpected application termination or arbitrary code execution.\");\n\n script_tag(name:\"affected\", value:\"Apple Mac OS X versions 10.12.x through 10.12.6\n build 16G1510\");\n\n script_tag(name:\"solution\", value:\"Apply the appropriate patch for version 10.12.x. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_xref(name:\"URL\", value:\"https://support.apple.com/en-us/HT209193\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.12\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName)\n exit(0);\n\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer || osVer !~ \"^10\\.12\" || \"Mac OS X\" >!< osName){\n exit(0);\n}\n\nif(version_in_range(version:osVer, test_version:\"10.12\", test_version2:\"10.12.5\")){\n fix = \"Upgrade to latest OS release and apply patch from vendor\";\n}\n\nelse if(osVer == \"10.12.6\")\n{\n buildVer = get_kb_item(\"ssh/login/osx_build\");\n if(buildVer)\n {\n if(version_is_less(version:buildVer, test_version:\"16G1618\"))\n {\n fix = \"Apply patch from vendor\";\n osVer = osVer + \" Build \" + buildVer;\n }\n }\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:osVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:55:28", "description": "Several vulnerabilities were discovered in jruby, a Java\nimplementation of the Ruby programming language. They would allow an\nattacker to use specially crafted gem files to mount cross-site\nscripting attacks, cause denial of service through an infinite loop,\nwrite arbitrary files, or run malicious code.", "cvss3": {}, "published": "2018-06-08T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4219-1 (jruby - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704219", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704219", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4219-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704219\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\",\n \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_name(\"Debian Security Advisory DSA 4219-1 (jruby - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-06-08 00:00:00 +0200 (Fri, 08 Jun 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4219.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"jruby on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 1.7.26-1+deb9u1.\n\nWe recommend that you upgrade your jruby packages.\n\nIn addition, this message serves as an announcement that security\nsupport for jruby in the Debian 8 oldstable release (jessie) is now\ndiscontinued.\n\nUsers of jruby in Debian 8 that want security updates are strongly\nencouraged to upgrade now to the current Debian 9 stable release\n(stretch).\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/jruby\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities were discovered in jruby, a Java\nimplementation of the Ruby programming language. They would allow an\nattacker to use specially crafted gem files to mount cross-site\nscripting attacks, cause denial of service through an infinite loop,\nwrite arbitrary files, or run malicious code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"jruby\", ver:\"1.7.26-1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T16:47:02", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-07-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for ruby-bundled-gems-rpmhelper, ruby2.5 (openSUSE-SU-2019:1771-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8778", "CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-8780", "CVE-2018-1000078", "CVE-2018-16395", "CVE-2018-1000075", "CVE-2019-8320", "CVE-2019-8325", "CVE-2018-1000076", "CVE-2018-16396", "CVE-2018-1000074", "CVE-2019-8321", "CVE-2018-8777", "CVE-2019-8323", "CVE-2018-8779", "CVE-2018-1000077", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2019-8322", "CVE-2019-8324"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852623", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852623", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852623\");\n script_version(\"2020-01-31T08:04:39+0000\");\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\",\n \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\",\n \"CVE-2018-16395\", \"CVE-2018-16396\", \"CVE-2018-6914\", \"CVE-2018-8777\",\n \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\", \"CVE-2019-8320\",\n \"CVE-2019-8321\", \"CVE-2019-8322\", \"CVE-2019-8323\", \"CVE-2019-8324\",\n \"CVE-2019-8325\");\n script_tag(name:\"cvss_base\", value:\"8.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:04:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-07-22 02:00:43 +0000 (Mon, 22 Jul 2019)\");\n script_name(\"openSUSE: Security Advisory for ruby-bundled-gems-rpmhelper, ruby2.5 (openSUSE-SU-2019:1771-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2019:1771-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2019-07/msg00036.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby-bundled-gems-rpmhelper, ruby2.5'\n package(s) announced via the openSUSE-SU-2019:1771-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for ruby2.5 and ruby-bundled-gems-rpmhelper fixes the\n following issues:\n\n Security issues fixed:\n\n - CVE-2019-8320: Delete directory using symlink when decompressing tar\n (bsc#1130627)\n\n - CVE-2019-8321: Escape sequence injection vulnerability in verbose\n (bsc#1130623)\n\n - CVE-2019-8322: Escape sequence injection vulnerability in gem\n owner (bsc#1130622)\n\n - CVE-2019-8323: Escape sequence injection vulnerability in API response\n handling (bsc#1130620)\n\n - CVE-2019-8324: Installing a malicious gem may lead to arbitrary code\n execution (bsc#1130617)\n\n - CVE-2019-8325: Escape sequence injection vulnerability in errors\n (bsc#1130611)\n\n\n Ruby 2.5 was updated to 2.5.3:\n\n This release includes some bug fixes and some security fixes.\n\n Security issues fixed:\n\n - CVE-2018-16396: Tainted flags are not propagated in Array#pack and\n String#unpack with some directives (bsc#1112532)\n\n - CVE-2018-16395: OpenSSL::X509::Name equality check does not work\n correctly (bsc#1112530)\n\n Ruby 2.5 was updated to 2.5.1:\n\n This release includes some bug fixes and some security fixes.\n\n Security issues fixed:\n\n - CVE-2017-17742: HTTP response splitting in WEBrick (bsc#1087434)\n\n - CVE-2018-6914: Unintentional file and directory creation with directory\n traversal in tempfile and tmpdir (bsc#1087441)\n\n - CVE-2018-8777: DoS by large request in WEBrick (bsc#1087436)\n\n - CVE-2018-8778: Buffer under-read in String#unpack (bsc#1087433)\n\n - CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in\n UNIXServer and UNIXSocket (bsc#1087440)\n\n - CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in\n Dir (bsc#1087437)\n\n - Multiple vulnerabilities in RubyGems were fixed:\n\n - CVE-2018-1000079: Fixed path traversal issue during gem installation\n allows to write to arbitrary filesystem locations (bsc#1082058)\n\n - CVE-2018-1000075: Fixed infinite loop vulnerability due to negative\n size in tar header causes Denial of Service (bsc#1082014)\n\n - CVE-2018-1000078: Fixed XSS vulnerability in homepage attribute when\n displayed via gem server (bsc#1082011)\n\n - CVE-2018-1000077: Fixed that missing URL validation on spec home\n attribute allows malicious gem to set an invalid homepa ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ruby-bundled-gems-rpmhelper, ' package(s) on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-bundled-gems-rpmhelper\", rpm:\"ruby-bundled-gems-rpmhelper~0.0.2~lp150.2.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-doc-ri\", rpm:\"ruby2.5-doc-ri~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_5-2_5\", rpm:\"libruby2_5-2_5~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libruby2_5-2_5-debuginfo\", rpm:\"libruby2_5-2_5-debuginfo~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5\", rpm:\"ruby2.5~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-debuginfo\", rpm:\"ruby2.5-debuginfo~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-debugsource\", rpm:\"ruby2.5-debugsource~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-devel\", rpm:\"ruby2.5-devel~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-devel-extra\", rpm:\"ruby2.5-devel-extra~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-doc\", rpm:\"ruby2.5-doc~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby2.5-stdlib\", rpm:\"ruby2.5-stdlib~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"uby2.5-stdlib-debuginfo\", rpm:\"uby2.5-stdlib-debuginfo~2.5.5~lp150.3.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.8, "vector": "AV:N/AC:M/Au:N/C:N/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-29T00:00:00", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2017-6e6f4f95e6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-10784", "CVE-2017-14033"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873953", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873953", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_6e6f4f95e6_ruby_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for ruby FEDORA-2017-6e6f4f95e6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873953\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-29 08:05:08 +0100 (Fri, 29 Dec 2017)\");\n script_cve_id(\"CVE-2017-14033\", \"CVE-2017-10784\", \"CVE-2017-0898\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ruby FEDORA-2017-6e6f4f95e6\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-6e6f4f95e6\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3U6T42QITZNKC5KGDDMYAR4OS4TWYJ2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.4.2~84.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "Ubuntu Update for ruby2.3 USN-3553-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0903", "CVE-2017-0902", "CVE-2017-0901"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843725", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3553_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for ruby2.3 USN-3553-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843725\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:12:11 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"Ubuntu Update for ruby2.3 USN-3553-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(17\\.10|16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"3553-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3553-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby2.3'\n package(s) announced via the USN-3553-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that Ruby failed to validate specification names.\nAn attacker could possibly use a maliciously crafted gem to potentially\noverwrite any file on the filesystem. (CVE-2017-0901)\n\nIt was discovered that Ruby was vulnerable to a DNS hijacking\nvulnerability. An attacker could use this to possibly force the\nRubyGems client to download and install gems from a server that the\nattacker controls. (CVE-2017-0902)\n\nIt was discovered that Ruby incorrectly handled certain YAML files. An\nattacker could use this to possibly execute arbitrary code.\n(CVE-2017-0903)\");\n\n script_tag(name:\"affected\", value:\"ruby2.3 on Ubuntu 17.10,\n Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.3-1ubuntu1.3\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.3-1ubuntu1.3\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libruby2.3\", ver:\"2.3.1-2~16.04.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"ruby2.3\", ver:\"2.3.1-2~16.04.6\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2250)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000078", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192250", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192250", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2250\");\n script_version(\"2020-01-23T12:42:50+0000\");\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:42:50 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:42:50 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2019-2250)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2250\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2250\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2019-2250 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.(CVE-2017-17742)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000073)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000074)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000077)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000078)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000079)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h13\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:33:38", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1108)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000075", "CVE-2018-1000076"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181108", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181108", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1108\");\n script_version(\"2020-01-23T11:12:48+0000\");\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:12:48 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:12:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1108)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1108\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1108\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1108 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. (CVE-2018-1000075)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. (CVE-2018-1000076)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-14T16:54:34", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1195)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-9224", "CVE-2017-17742", "CVE-2017-9228", "CVE-2018-1000073", "CVE-2018-1000078", "CVE-2017-9229", "CVE-2017-9227", "CVE-2016-7798", "CVE-2015-9096", "CVE-2018-1000074", "CVE-2018-1000077", "CVE-2018-1000079"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201195", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201195", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1195\");\n script_version(\"2020-03-13T07:12:38+0000\");\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-7798\", \"CVE-2017-17742\", \"CVE-2017-9224\", \"CVE-2017-9227\", \"CVE-2017-9228\", \"CVE-2017-9229\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:12:38 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:12:38 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2020-1195)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1195\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1195\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2020-1195 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg-dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition.(CVE-2017-9229)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg-dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer.(CVE-2017-9227)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.(CVE-2017-9228)\n\nAn issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.(CVE-2017-9224)\n\nA SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.(CVE-2015-9096)\n\nThe openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.(CVE-2016-7798)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnera ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-bigdecimal\", rpm:\"rubygem-bigdecimal~1.2.0~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-io-console\", rpm:\"rubygem-io-console~0.4.2~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-json\", rpm:\"rubygem-json~1.7.7~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-psych\", rpm:\"rubygem-psych~2.0.0~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rdoc\", rpm:\"rubygem-rdoc~4.0.0~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems\", rpm:\"rubygems~2.0.14.1~33.h18\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:18", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000075", "CVE-2018-1000076"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181143", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1143\");\n script_version(\"2020-01-23T11:15:05+0000\");\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:15:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:15:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1143)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1143\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1143\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1143 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000075)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000076)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.648~33.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.648~33.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.648~33.h4\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:40:37", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17405", "CVE-2017-17790"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181030", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1030\");\n script_version(\"2020-01-23T11:09:22+0000\");\n script_cve_id(\"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:22 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:22 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1030)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1030\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1030\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1030 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '<pipe>' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.(CVE-2017-17790)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.598~25.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.598~25.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.598~25.h6\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17405", "CVE-2017-17790"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181029", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181029", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1029\");\n script_version(\"2020-01-23T11:09:21+0000\");\n script_cve_id(\"CVE-2017-17790\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:09:21 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:09:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2018-1029)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1029\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1029\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'ruby' package(s) announced via the EulerOS-SA-2018-1029 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '<pipe>' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.(CVE-2017-17790)\");\n\n script_tag(name:\"affected\", value:\"'ruby' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~23.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~2.0.0.353~23.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~2.0.0.353~23.h5\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-29T20:06:59", "description": "Some vulnerabilities were found in the Ruby 1.8 package that affects\nthe LTS distribution.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic\nauthentication of WEBrick", "cvss3": {}, "published": "2018-02-07T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for ruby1.8 (DLA-1113-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-10784"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891113", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891113\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-10784\");\n script_name(\"Debian LTS: Security Advisory for ruby1.8 (DLA-1113-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-02-07 00:00:00 +0100 (Wed, 07 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00030.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n\n script_tag(name:\"affected\", value:\"ruby1.8 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 7 'Wheezy', these problems have been fixed in version\n1.8.7.358-7.1+deb7u4.\n\nWe recommend that you upgrade your ruby1.8 packages.\");\n\n script_tag(name:\"summary\", value:\"Some vulnerabilities were found in the Ruby 1.8 package that affects\nthe LTS distribution.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic\nauthentication of WEBrick\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.8\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libruby1.8-dbg\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtcltk-ruby1.8\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ri1.8\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-dev\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-examples\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby1.8-full\", ver:\"1.8.7.358-7.1+deb7u4\", rls:\"DEB7\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-19T14:22:10", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the OpenSSL extension.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf.\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability in RubyGems.\n\nCVE-2017-0900\n\nDoS vulnerability in the RubyGems query command.\n\nCVE-2017-0901\n\ngem installer allowed a malicious gem to overwrite arbitrary files.\n\nCVE-2017-0902\n\nRubyGems DNS request hijacking vulnerability.\n\nCVE-2017-0903\n\nMax Justicz reported that RubyGems is prone to an unsafe object deserialization vulnerability. When parsed by an application which processes gems, a specially crafted YAML formatted gem specification can lead to remote code execution.\n\nCVE-2017-10784\n\nYusuke Endoh discovered an escape sequence injection vulnerability in the Basic authentication of WEBrick. An attacker can take advantage of this flaw to inject malicious escape sequences to the WEBrick log and potentially execute control characters on the victim's terminal emulator when reading logs.\n\nCVE-2017-14033\n\nasac reported a buffer underrun vulnerability in the OpenSSL extension. A remote attacker could take advantage of this flaw to cause the Ruby interpreter to crash leading to a denial of service.\n\nCVE-2017-14064\n\nHeap memory disclosure in the JSON library.\n\nCVE-2017-17405\n\nA command injection vulnerability in Net::FTP might allow a malicious FTP server to execute arbitrary commands.\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It was possible for an attacker to inject fake HTTP responses if a script accepted an external input and output it without modifications.\n\nCVE-2017-17790\n\nA command injection vulnerability in lib/resolv.rb's lazy_initialze might allow a command injection attack. However untrusted input to this function is rather unlikely.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library. It made it possible for attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby String#unpack method. If a big number was passed with the specifier @, the number was treated as a negative value, and an out-of-buffer read occurred. Attackers could read data on heaps if an script accepts an external input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open methods of the socket library bundled with Ruby did not check for NUL bytes in the path argument. The lack of check made the methods vulnerable to unintentional socket creation and unintentional socket access.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some methods in Dir, by the lack of checking for NUL bytes in their parameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could cause an infinite loop.\n\nCVE-2018-1000076\n\nRubyGems package improperly verifies cryptographic signatures. A mis-signed gem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in RubyGems specification homepage attribute could allow malicious gem to set an invalid homepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage attribute.\n\nCVE-2018-1000079\n\nPath Traversal vulnerability during gem installation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "nessus", "title": "Debian DLA-1421-1 : ruby2.1 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-9096", "CVE-2016-2339", "CVE-2016-7798", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1", "p-cpe:/a:debian:debian_linux:ruby2.1-dev", "p-cpe:/a:debian:debian_linux:ruby2.1-doc", "p-cpe:/a:debian:debian_linux:ruby2.1-tcltk", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1421.NASL", "href": "https://www.tenable.com/plugins/nessus/111081", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1421-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111081);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-2339\", \"CVE-2016-7798\", \"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"Debian DLA-1421-1 : ruby2.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\nCVE-2015-9096\n\nSMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or\nMAIL FROM command.\n\nCVE-2016-2339\n\nExploitable heap overflow in Fiddle::Function.new.\n\nCVE-2016-7798\n\nIncorrect handling of initialization vector in the GCM mode in the\nOpenSSL extension.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf.\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability in RubyGems.\n\nCVE-2017-0900\n\nDoS vulnerability in the RubyGems query command.\n\nCVE-2017-0901\n\ngem installer allowed a malicious gem to overwrite arbitrary files.\n\nCVE-2017-0902\n\nRubyGems DNS request hijacking vulnerability.\n\nCVE-2017-0903\n\nMax Justicz reported that RubyGems is prone to an unsafe object\ndeserialization vulnerability. When parsed by an application which\nprocesses gems, a specially crafted YAML formatted gem specification\ncan lead to remote code execution.\n\nCVE-2017-10784\n\nYusuke Endoh discovered an escape sequence injection vulnerability in\nthe Basic authentication of WEBrick. An attacker can take advantage of\nthis flaw to inject malicious escape sequences to the WEBrick log and\npotentially execute control characters on the victim's terminal\nemulator when reading logs.\n\nCVE-2017-14033\n\nasac reported a buffer underrun vulnerability in the OpenSSL\nextension. A remote attacker could take advantage of this flaw to\ncause the Ruby interpreter to crash leading to a denial of service.\n\nCVE-2017-14064\n\nHeap memory disclosure in the JSON library.\n\nCVE-2017-17405\n\nA command injection vulnerability in Net::FTP might allow a malicious\nFTP server to execute arbitrary commands.\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\nto an HTTP response splitting vulnerability. It was possible for an\nattacker to inject fake HTTP responses if a script accepted an\nexternal input and output it without modifications.\n\nCVE-2017-17790\n\nA command injection vulnerability in lib/resolv.rb's lazy_initialze\nmight allow a command injection attack. However untrusted input to\nthis function is rather unlikely.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot)\nin the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a\nlarge request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some\nmethods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that\ncould cause an infinite loop.\n\nCVE-2018-1000076\n\nRubyGems package improperly verifies cryptographic signatures. A\nmis-signed gem could be installed if the tarball contains multiple gem\nsignatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in RubyGems specification\nhomepage attribute could allow malicious gem to set an invalid\nhomepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute.\n\nCVE-2018-1000079\n\nPath Traversal vulnerability during gem installation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2.1.5-2+deb8u4.\n\nWe recommend that you upgrade your ruby2.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/ruby2.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.1-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"libruby2.1\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-dev\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-doc\", reference:\"2.1.5-2+deb8u4\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby2.1-tcltk\", reference:\"2.1.5-2+deb8u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:34", "description": "From Red Hat Security Advisory 2018:0378 :\n\nAn update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)", "cvss3": {}, "published": "2018-03-01T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ruby (ELSA-2018-0378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ruby", "p-cpe:/a:oracle:linux:ruby-devel", "p-cpe:/a:oracle:linux:ruby-doc", "p-cpe:/a:oracle:linux:ruby-irb", "p-cpe:/a:oracle:linux:ruby-libs", "p-cpe:/a:oracle:linux:ruby-tcltk", "p-cpe:/a:oracle:linux:rubygem-bigdecimal", "p-cpe:/a:oracle:linux:rubygem-io-console", "p-cpe:/a:oracle:linux:rubygem-json", "p-cpe:/a:oracle:linux:rubygem-minitest", "p-cpe:/a:oracle:linux:rubygem-psych", "p-cpe:/a:oracle:linux:rubygem-rake", "p-cpe:/a:oracle:linux:rubygem-rdoc", "p-cpe:/a:oracle:linux:rubygems", "p-cpe:/a:oracle:linux:rubygems-devel", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2018-0378.NASL", "href": "https://www.tenable.com/plugins/nessus/107080", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0378 and \n# Oracle Linux Security Advisory ELSA-2018-0378 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107080);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_xref(name:\"RHSA\", value:\"2018:0378\");\n\n script_name(english:\"Oracle Linux 7 : ruby (ELSA-2018-0378)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0378 :\n\nAn update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process\nfilenames in combination with certain operations. A remote attacker\ncould exploit this flaw to execute arbitrary commands by setting up a\nmalicious FTP server and tricking a user or Ruby application into\ndownloading files with specially crafted names using the Net::FTP\nmodule. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An\nattacker, with ability to control its format string parameter, could\nsend a specially crafted string that would disclose heap memory or\ncrash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during\ninstallation of a given gem. A specially crafted gem could use this\nflaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS\nresponses when requesting the hostname of the rubygems server for a\ndomain, via a _rubygems._tcp DNS SRV query. An attacker with the\nability to manipulate DNS responses could direct the gem command\ntowards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable\nto an unsafe YAML deserialization when inspecting a gem. Applications\ninspecting gem files without installing them can be tricked to execute\narbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If\nlogs were printed in a terminal, an attacker could interact with the\nterminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was\nvulnerable to buffer underrun. An attacker could pass a specially\ncrafted string to the application in order to crash the ruby\ninterpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize\ngems' specification text. A specially crafted gem could interact with\nthe terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU\nwhile parsing a sufficiently long gem summary. A specially crafted gem\nfrom a gem repository could freeze gem commands attempting to parse\nits summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of\nruby. An attacker with the ability to pass a specially crafted JSON\ninput to the extension could use this flaw to expose the interpreter's\nheap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly\nprocess certain filenames. A remote attacker could possibly exploit\nthis flaw to inject and execute arbitrary commands. (CVE-2017-17790)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-February/007545.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-doc-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-irb-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-libs-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-minitest-4.3.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-rake-0.9.6-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygem-rdoc-4.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygems-2.0.14.1-33.el7_4\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"rubygems-devel-2.0.14.1-33.el7_4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:34", "description": "Security Fix(es) :\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function.\n An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.\n (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.\n (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)", "cvss3": {}, "published": "2018-03-01T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ruby", "p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ruby-devel", "p-cpe:/a:fermilab:scientific_linux:ruby-doc", "p-cpe:/a:fermilab:scientific_linux:ruby-irb", "p-cpe:/a:fermilab:scientific_linux:ruby-libs", "p-cpe:/a:fermilab:scientific_linux:ruby-tcltk", "p-cpe:/a:fermilab:scientific_linux:rubygem-bigdecimal", "p-cpe:/a:fermilab:scientific_linux:rubygem-io-console", "p-cpe:/a:fermilab:scientific_linux:rubygem-json", "p-cpe:/a:fermilab:scientific_linux:rubygem-minitest", "p-cpe:/a:fermilab:scientific_linux:rubygem-psych", "p-cpe:/a:fermilab:scientific_linux:rubygem-rake", "p-cpe:/a:fermilab:scientific_linux:rubygem-rdoc", "p-cpe:/a:fermilab:scientific_linux:rubygems", "p-cpe:/a:fermilab:scientific_linux:rubygems-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180228_RUBY_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/107084", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107084);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL7.x x86_64 (20180228)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw to\n execute arbitrary commands by setting up a malicious FTP\n server and tricking a user or Ruby application into\n downloading files with specially crafted names using the\n Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function.\n An attacker, with ability to control its format string\n parameter, could send a specially crafted string that\n would disclose heap memory or crash the interpreter.\n (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use of\n escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the OpenSSL::ASN1\n module was vulnerable to buffer underrun. An attacker\n could pass a specially crafted string to the application\n in order to crash the ruby interpreter, causing a denial\n of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the use\n of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive amount\n of CPU while parsing a sufficiently long gem summary. A\n specially crafted gem from a gem repository could freeze\n gem commands attempting to parse its summary.\n (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - The 'lazy_initialize' function in lib/resolv.rb did not\n properly process certain filenames. A remote attacker\n could possibly exploit this flaw to inject and execute\n arbitrary commands. (CVE-2017-17790)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1802&L=scientific-linux-errata&F=&S=&P=9778\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3b8a648d\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-debuginfo-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ruby-doc-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ruby-irb-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-libs-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-minitest-4.3.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-rake-0.9.6-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-rdoc-4.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygems-2.0.14.1-33.el7_4\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygems-devel-2.0.14.1-33.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:30:00", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It was possible for an attacker to inject fake HTTP responses if a script accepted an external input and output it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library. It made it possible for attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby String#unpack method. If a big number was passed with the specifier @, the number was treated as a negative value, and an out-of-buffer read occurred. Attackers could read data on heaps if an script accepts an external input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open methods of the socket library bundled with Ruby did not check for NUL bytes in the path argument. The lack of check made the methods vulnerable to unintentional socket creation and unintentional socket access.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some methods in Dir, by the lack of checking for NUL bytes in their parameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could cause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed gem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification homepage attribute could allow malicious gem to set an invalid homepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage attribute\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.9.3.194-8.1+deb7u8.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "Debian DLA-1358-1 : ruby1.9.1 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby1.9.1", "p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg", "p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1", "p-cpe:/a:debian:debian_linux:ri1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1-dev", "p-cpe:/a:debian:debian_linux:ruby1.9.1-examples", "p-cpe:/a:debian:debian_linux:ruby1.9.1-full", "p-cpe:/a:debian:debian_linux:ruby1.9.3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1358.NASL", "href": "https://www.tenable.com/plugins/nessus/109283", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1358-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109283);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"Debian DLA-1358-1 : ruby1.9.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\nto an HTTP response splitting vulnerability. It was possible for an\nattacker to inject fake HTTP responses if a script accepted an\nexternal input and output it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot)\nin the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a\nlarge request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some\nmethods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that\ncould cause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A\nmis-signed gem could be installed if the tarball contains multiple gem\nsignatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid\nhomepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.9.3.194-8.1+deb7u8.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ruby1.9.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ri1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.9.1-dbg\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtcltk-ruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ri1.9.1\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-dev\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-examples\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-full\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.3\", reference:\"1.9.3.194-8.1+deb7u8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:20", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1066)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1066.NASL", "href": "https://www.tenable.com/plugins/nessus/108470", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108470);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17790\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1066)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw\n to execute arbitrary commands by setting up a malicious\n FTP server and tricking a user or Ruby application into\n downloading files with specially crafted names using\n the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf\n function. An attacker, with ability to control its\n format string parameter, could send a specially crafted\n string that would disclose heap memory or crash the\n interpreter. (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use\n of escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the\n OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to\n the application in order to crash the ruby interpreter,\n causing a denial of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the\n use of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive\n amount of CPU while parsing a sufficiently long gem\n summary. A specially crafted gem from a gem repository\n could freeze gem commands attempting to parse its\n summary. (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1066\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3db34d7b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h2\",\n \"ruby-irb-2.0.0.648-33.h2\",\n \"ruby-libs-2.0.0.648-33.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:40:48", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.(CVE-2017-17790)\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : ruby (EulerOS-SA-2018-1248)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1248.NASL", "href": "https://www.tenable.com/plugins/nessus/117557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117557);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17790\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : ruby (EulerOS-SA-2018-1248)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - The lazy_initialize function in lib/resolv.rb in Ruby\n through 2.4.3 uses Kernel#open, which might allow\n Command Injection attacks, as demonstrated by a\n Resolv::Hosts::new argument beginning with a '|'\n character, a different vulnerability than\n CVE-2017-17405. NOTE: situations with untrusted input\n may be highly unlikely.(CVE-2017-17790)\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - It was found that the decode method of the\n OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to\n the application in order to crash the ruby interpreter,\n causing a denial of service. (CVE-2017-14033)\n\n - It was found that rubygems could use an excessive\n amount of CPU while parsing a sufficiently long gem\n summary. A specially crafted gem from a gem repository\n could freeze gem commands attempting to parse its\n summary. (CVE-2017-0900)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use\n of escape sequences. (CVE-2017-10784)\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw\n to execute arbitrary commands by setting up a malicious\n FTP server and tricking a user or Ruby application into\n downloading files with specially crafted names using\n the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf\n function. An attacker, with ability to control its\n format string parameter, could send a specially crafted\n string that would disclose heap memory or crash the\n interpreter. (CVE-2017-0898)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the\n use of escape sequences. (CVE-2017-0899)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1248\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?25c237f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.353-23.h7\",\n \"ruby-irb-2.0.0.353-23.h7\",\n \"ruby-libs-2.0.0.353-23.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:27:51", "description": "The remote NewStart CGSL host, running version MAIN 5.04, has ruby packages installed that are affected by multiple vulnerabilities:\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - The lazy_initialize function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function.\n An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.\n (CVE-2017-0898)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.\n (CVE-2017-0900)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2022-05-19T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0013_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/127164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0013. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127164);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17790\"\n );\n\n script_name(english:\"NewStart CGSL MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 5.04, has ruby packages installed that are affected by multiple\nvulnerabilities:\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\n - The lazy_initialize function in lib/resolv.rb did not\n properly process certain filenames. A remote attacker\n could possibly exploit this flaw to inject and execute\n arbitrary commands. (CVE-2017-17790)\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw to\n execute arbitrary commands by setting up a malicious FTP\n server and tricking a user or Ruby application into\n downloading files with specially crafted names using the\n Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function.\n An attacker, with ability to control its format string\n parameter, could send a specially crafted string that\n would disclose heap memory or crash the interpreter.\n (CVE-2017-0898)\n\n - It was found that the decode method of the OpenSSL::ASN1\n module was vulnerable to buffer underrun. An attacker\n could pass a specially crafted string to the application\n in order to crash the ruby interpreter, causing a denial\n of service. (CVE-2017-14033)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use of\n escape sequences. (CVE-2017-10784)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory. (CVE-2017-0901)\n\n - It was found that rubygems could use an excessive amount\n of CPU while parsing a sufficiently long gem summary. A\n specially crafted gem from a gem repository could freeze\n gem commands attempting to parse its summary.\n (CVE-2017-0900)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the use\n of escape sequences. (CVE-2017-0899)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0013\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ruby packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-17405\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-17790\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 5.04\": [\n \"ruby-2.0.0.648-33.el7_4\",\n \"ruby-debuginfo-2.0.0.648-33.el7_4\",\n \"ruby-devel-2.0.0.648-33.el7_4\",\n \"ruby-doc-2.0.0.648-33.el7_4\",\n \"ruby-irb-2.0.0.648-33.el7_4\",\n \"ruby-libs-2.0.0.648-33.el7_4\",\n \"ruby-tcltk-2.0.0.648-33.el7_4\",\n \"rubygem-bigdecimal-1.2.0-33.el7_4\",\n \"rubygem-io-console-0.4.2-33.el7_4\",\n \"rubygem-json-1.7.7-33.el7_4\",\n \"rubygem-minitest-4.3.2-33.el7_4\",\n \"rubygem-psych-2.0.0-33.el7_4\",\n \"rubygem-rake-0.9.6-33.el7_4\",\n \"rubygem-rdoc-4.0.0-33.el7_4\",\n \"rubygems-2.0.14.1-33.el7_4\",\n \"rubygems-devel-2.0.14.1-33.el7_4\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:36", "description": "An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)", "cvss3": {}, "published": "2018-03-12T00:00:00", "type": "nessus", "title": "CentOS 7 : ruby (CESA-2018:0378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:ruby-doc", "p-cpe:/a:centos:centos:ruby-irb", "p-cpe:/a:centos:centos:ruby-libs", "p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:rubygem-bigdecimal", "p-cpe:/a:centos:centos:rubygem-io-console", "p-cpe:/a:centos:centos:rubygem-json", "p-cpe:/a:centos:centos:rubygem-minitest", "p-cpe:/a:centos:centos:rubygem-psych", "p-cpe:/a:centos:centos:rubygem-rake", "p-cpe:/a:centos:centos:rubygem-rdoc", "p-cpe:/a:centos:centos:rubygems", "p-cpe:/a:centos:centos:rubygems-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0378.NASL", "href": "https://www.tenable.com/plugins/nessus/107270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0378 and \n# CentOS Errata and Security Advisory 2018:0378 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107270);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_xref(name:\"RHSA\", value:\"2018:0378\");\n\n script_name(english:\"CentOS 7 : ruby (CESA-2018:0378)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process\nfilenames in combination with certain operations. A remote attacker\ncould exploit this flaw to execute arbitrary commands by setting up a\nmalicious FTP server and tricking a user or Ruby application into\ndownloading files with specially crafted names using the Net::FTP\nmodule. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An\nattacker, with ability to control its format string parameter, could\nsend a specially crafted string that would disclose heap memory or\ncrash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during\ninstallation of a given gem. A specially crafted gem could use this\nflaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS\nresponses when requesting the hostname of the rubygems server for a\ndomain, via a _rubygems._tcp DNS SRV query. An attacker with the\nability to manipulate DNS responses could direct the gem command\ntowards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable\nto an unsafe YAML deserialization when inspecting a gem. Applications\ninspecting gem files without installing them can be tricked to execute\narbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If\nlogs were printed in a terminal, an attacker could interact with the\nterminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was\nvulnerable to buffer underrun. An attacker could pass a specially\ncrafted string to the application in order to crash the ruby\ninterpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize\ngems' specification text. A specially crafted gem could interact with\nthe terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU\nwhile parsing a sufficiently long gem summary. A specially crafted gem\nfrom a gem repository could freeze gem commands attempting to parse\nits summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of\nruby. An attacker with the ability to pass a specially crafted JSON\ninput to the extension could use this flaw to expose the interpreter's\nheap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly\nprocess certain filenames. A remote attacker could possibly exploit\nthis flaw to inject and execute arbitrary commands. (CVE-2017-17790)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-March/022791.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a404c151\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-10784\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-doc-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-irb-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-libs-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-minitest-4.3.2-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-rake-0.9.6-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-rdoc-4.0.0-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygems-2.0.14.1-33.el7_4\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygems-devel-2.0.14.1-33.el7_4\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:47", "description": "An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)", "cvss3": {}, "published": "2018-03-01T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2018:0378)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:rubygem-psych", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:rubygems-devel", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2018-0378.NASL", "href": "https://www.tenable.com/plugins/nessus/107082", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0378. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107082);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\", \"CVE-2017-17405\", \"CVE-2017-17790\");\n script_xref(name:\"RHSA\", value:\"2018:0378\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2018:0378)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nSecurity Fix(es) :\n\n* It was discovered that the Net::FTP module did not properly process\nfilenames in combination with certain operations. A remote attacker\ncould exploit this flaw to execute arbitrary commands by setting up a\nmalicious FTP server and tricking a user or Ruby application into\ndownloading files with specially crafted names using the Net::FTP\nmodule. (CVE-2017-17405)\n\n* A buffer underflow was found in ruby's sprintf function. An\nattacker, with ability to control its format string parameter, could\nsend a specially crafted string that would disclose heap memory or\ncrash the interpreter. (CVE-2017-0898)\n\n* It was found that rubygems did not sanitize gem names during\ninstallation of a given gem. A specially crafted gem could use this\nflaw to install files outside of the regular directory.\n(CVE-2017-0901)\n\n* A vulnerability was found where rubygems did not sanitize DNS\nresponses when requesting the hostname of the rubygems server for a\ndomain, via a _rubygems._tcp DNS SRV query. An attacker with the\nability to manipulate DNS responses could direct the gem command\ntowards a different domain. (CVE-2017-0902)\n\n* A vulnerability was found where the rubygems module was vulnerable\nto an unsafe YAML deserialization when inspecting a gem. Applications\ninspecting gem files without installing them can be tricked to execute\narbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\n\n* It was found that WEBrick did not sanitize all its log messages. If\nlogs were printed in a terminal, an attacker could interact with the\nterminal via the use of escape sequences. (CVE-2017-10784)\n\n* It was found that the decode method of the OpenSSL::ASN1 module was\nvulnerable to buffer underrun. An attacker could pass a specially\ncrafted string to the application in order to crash the ruby\ninterpreter, causing a denial of service. (CVE-2017-14033)\n\n* A vulnerability was found where rubygems did not properly sanitize\ngems' specification text. A specially crafted gem could interact with\nthe terminal via the use of escape sequences. (CVE-2017-0899)\n\n* It was found that rubygems could use an excessive amount of CPU\nwhile parsing a sufficiently long gem summary. A specially crafted gem\nfrom a gem repository could freeze gem commands attempting to parse\nits summary. (CVE-2017-0900)\n\n* A buffer overflow vulnerability was found in the JSON extension of\nruby. An attacker with the ability to pass a specially crafted JSON\ninput to the extension could use this flaw to expose the interpreter's\nheap memory. (CVE-2017-14064)\n\n* The 'lazy_initialize' function in lib/resolv.rb did not properly\nprocess certain filenames. A remote attacker could possibly exploit\nthis flaw to inject and execute arbitrary commands. (CVE-2017-17790)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0898\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-0903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-10784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-14064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-17790\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0378\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-debuginfo-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-devel-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-doc-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-irb-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-libs-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-tcltk-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-bigdecimal-1.2.0-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-io-console-0.4.2-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-33.el7_4\")) flag++;\n\n if (rpm_exists(rpm:\"rubygem-json-1.7\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-json-1.7.7-33.el7_4\")) flag++;\n\n if (rpm_exists(rpm:\"rubygem-json-1.7\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-minitest-4.3.2-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-psych-2.0.0-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rake-0.9.6-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rdoc-4.0.0-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rubygems-2.0.14.1-33.el7_4\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rubygems-devel-2.0.14.1-33.el7_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:20", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1067)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1067.NASL", "href": "https://www.tenable.com/plugins/nessus/108471", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108471);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17790\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1067)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw\n to execute arbitrary commands by setting up a malicious\n FTP server and tricking a user or Ruby application into\n downloading files with specially crafted names using\n the Net::FTP module. (CVE-2017-17405)\n\n - A buffer underflow was found in ruby's sprintf\n function. An attacker, with ability to control its\n format string parameter, could send a specially crafted\n string that would disclose heap memory or crash the\n interpreter. (CVE-2017-0898)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory. (CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain. (CVE-2017-0902)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby interpreter.\n (CVE-2017-0903)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use\n of escape sequences. (CVE-2017-10784)\n\n - It was found that the decode method of the\n OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to\n the application in order to crash the ruby interpreter,\n causing a denial of service. (CVE-2017-14033)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the\n use of escape sequences. (CVE-2017-0899)\n\n - It was found that rubygems could use an excessive\n amount of CPU while parsing a sufficiently long gem\n summary. A specially crafted gem from a gem repository\n could freeze gem commands attempting to parse its\n summary. (CVE-2017-0900)\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the interpreter's heap memory.\n (CVE-2017-14064)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1067\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0d95c5c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h2\",\n \"ruby-irb-2.0.0.648-33.h2\",\n \"ruby-libs-2.0.0.648-33.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:31", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.(CVE-2017-17405)\n\n - The 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands.(CVE-2017-17790)\n\n - It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary.(CVE-2017-0900)\n\n - It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory.(CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain.(CVE-2017-0902)\n\n - A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences.(CVE-2017-0899)\n\n - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the inter preter's heap memory.(CVE-2017-14064)\n\n - It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences.(CVE-2017-10784)\n\n - It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service.(CVE-2017-14033)\n\n - A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter.(CVE-2017-0898)\n\n - A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter.(CVE-2017-0903)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064", "CVE-2017-17405", "CVE-2017-17790"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "p-cpe:/a:huawei:euleros:rubygem-bigdecimal", "p-cpe:/a:huawei:euleros:rubygem-io-console", "p-cpe:/a:huawei:euleros:rubygem-json", "p-cpe:/a:huawei:euleros:rubygem-psych", "p-cpe:/a:huawei:euleros:rubygem-rdoc", "p-cpe:/a:huawei:euleros:rubygems", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1407.NASL", "href": "https://www.tenable.com/plugins/nessus/124910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124910);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-0898\",\n \"CVE-2017-0899\",\n \"CVE-2017-0900\",\n \"CVE-2017-0901\",\n \"CVE-2017-0902\",\n \"CVE-2017-0903\",\n \"CVE-2017-10784\",\n \"CVE-2017-14033\",\n \"CVE-2017-14064\",\n \"CVE-2017-17405\",\n \"CVE-2017-17790\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerabilities :\n\n - It was discovered that the Net::FTP module did not\n properly process filenames in combination with certain\n operations. A remote attacker could exploit this flaw\n to execute arbitrary commands by setting up a malicious\n FTP server and tricking a user or Ruby application into\n downloading files with specially crafted names using\n the Net::FTP module.(CVE-2017-17405)\n\n - The 'lazy_initialize' function in lib/resolv.rb did not\n properly process certain filenames. A remote attacker\n could possibly exploit this flaw to inject and execute\n arbitrary commands.(CVE-2017-17790)\n\n - It was found that rubygems could use an excessive\n amount of CPU while parsing a sufficiently long gem\n summary. A specially crafted gem from a gem repository\n could freeze gem commands attempting to parse its\n summary.(CVE-2017-0900)\n\n - It was found that rubygems did not sanitize gem names\n during installation of a given gem. A specially crafted\n gem could use this flaw to install files outside of the\n regular directory.(CVE-2017-0901)\n\n - A vulnerability was found where rubygems did not\n sanitize DNS responses when requesting the hostname of\n the rubygems server for a domain, via a _rubygems._tcp\n DNS SRV query. An attacker with the ability to\n manipulate DNS responses could direct the gem command\n towards a different domain.(CVE-2017-0902)\n\n - A vulnerability was found where rubygems did not\n properly sanitize gems' specification text. A specially\n crafted gem could interact with the terminal via the\n use of escape sequences.(CVE-2017-0899)\n\n - A buffer overflow vulnerability was found in the JSON\n extension of ruby. An attacker with the ability to pass\n a specially crafted JSON input to the extension could\n use this flaw to expose the inter preter's heap\n memory.(CVE-2017-14064)\n\n - It was found that WEBrick did not sanitize all its log\n messages. If logs were printed in a terminal, an\n attacker could interact with the terminal via the use\n of escape sequences.(CVE-2017-10784)\n\n - It was found that the decode method of the\n OpenSSL::ASN1 module was vulnerable to buffer underrun.\n An attacker could pass a specially crafted string to\n the application in order to crash the ruby interpreter,\n causing a denial of service.(CVE-2017-14033)\n\n - A buffer underflow was found in ruby's sprintf\n function. An attacker, with ability to control its\n format string parameter, could send a specially crafted\n string that would disclose heap memory or crash the\n interpreter.(CVE-2017-0898)\n\n - A vulnerability was found where the rubygems module was\n vulnerable to an unsafe YAML deserialization when\n inspecting a gem. Applications inspecting gem files\n without installing them can be tricked to execute\n arbitrary code in the context of the ruby\n interpreter.(CVE-2017-0903)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1407\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f513ca9e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h11\",\n \"ruby-irb-2.0.0.648-33.h11\",\n \"ruby-libs-2.0.0.648-33.h11\",\n \"rubygem-bigdecimal-1.2.0-33.h11\",\n \"rubygem-io-console-0.4.2-33.h11\",\n \"rubygem-json-1.7.7-33.h11\",\n \"rubygem-psych-2.0.0-33.h11\",\n \"rubygem-rdoc-4.0.0-33.h11\",\n \"rubygems-2.0.14.1-33.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T14:23:38", "description": "SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP\n\nA SMTP command injection flaw was found in the way Ruby's Net::SMTP module handled CRLF sequences in certain SMTP commands. An attacker could potentially use this flaw to inject SMTP commands in a SMTP session in order to facilitate phishing attacks or spam campaigns.\n(CVE-2015-9096)\n\nEscape sequence injection vulnerability in the Basic authentication of WEBrick\n\nThe Basic authentication code in WEBrick library in Ruby allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.\n(CVE-2017-10784)\n\nBuffer underrun in OpenSSL ASN1 decode\n\nThe decode method in the OpenSSL::ASN1 module in Ruby allows attackers to cause a denial of service (interpreter crash) via a crafted string.\n(CVE-2017-14033)\n\nNo size limit in summary length of gem spec\n\nRubyGems is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. (CVE-2017-0900)\n\nArbitrary file overwrite due to incorrect validation of specification name\n\nRubyGems fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nDNS hijacking vulnerability\n\nRubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902)\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nRuby is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap. (CVE-2017-0898)\n\nEscape sequence in the 'summary' field of gemspec\n\nRubyGems is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. (CVE-2017-0899)\n\nArbitrary heap exposure during a JSON.generate call\n\nRuby can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. (CVE-2017-14064)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)", "cvss3": {}, "published": "2017-10-03T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-9096", "CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby22", "p-cpe:/a:amazon:linux:ruby22-debuginfo", "p-cpe:/a:amazon:linux:ruby22-devel", "p-cpe:/a:amazon:linux:ruby22-doc", "p-cpe:/a:amazon:linux:ruby22-irb", "p-cpe:/a:amazon:linux:ruby22-libs", "p-cpe:/a:amazon:linux:ruby23", "p-cpe:/a:amazon:linux:ruby23-debuginfo", "p-cpe:/a:amazon:linux:ruby23-devel", "p-cpe:/a:amazon:linux:ruby23-doc", "p-cpe:/a:amazon:linux:ruby23-irb", "p-cpe:/a:amazon:linux:ruby23-libs", "p-cpe:/a:amazon:linux:rubygem22-bigdecimal", "p-cpe:/a:amazon:linux:rubygem22-io-console", "p-cpe:/a:amazon:linux:rubygem22-psych", "p-cpe:/a:amazon:linux:rubygem23-bigdecimal", "p-cpe:/a:amazon:linux:rubygem23-did_you_mean", "p-cpe:/a:amazon:linux:rubygem23-io-console", "p-cpe:/a:amazon:linux:rubygem23-json", "p-cpe:/a:amazon:linux:rubygem23-psych", "p-cpe:/a:amazon:linux:rubygems22", "p-cpe:/a:amazon:linux:rubygems22-devel", "p-cpe:/a:amazon:linux:rubygems23", "p-cpe:/a:amazon:linux:rubygems23-devel", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-906.NASL", "href": "https://www.tenable.com/plugins/nessus/103603", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-906.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103603);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2015-9096\", \"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_xref(name:\"ALAS\", value:\"2017-906\");\n\n script_name(english:\"Amazon Linux AMI : ruby22 / ruby23 (ALAS-2017-906)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM\ncommands in Net::SMTP\n\nA SMTP command injection flaw was found in the way Ruby's Net::SMTP\nmodule handled CRLF sequences in certain SMTP commands. An attacker\ncould potentially use this flaw to inject SMTP commands in a SMTP\nsession in order to facilitate phishing attacks or spam campaigns.\n(CVE-2015-9096)\n\nEscape sequence injection vulnerability in the Basic authentication of\nWEBrick\n\nThe Basic authentication code in WEBrick library in Ruby allows remote\nattackers to inject terminal emulator escape sequences into its log\nand possibly execute arbitrary commands via a crafted user name.\n(CVE-2017-10784)\n\nBuffer underrun in OpenSSL ASN1 decode\n\nThe decode method in the OpenSSL::ASN1 module in Ruby allows attackers\nto cause a denial of service (interpreter crash) via a crafted string.\n(CVE-2017-14033)\n\nNo size limit in summary length of gem spec\n\nRubyGems is vulnerable to maliciously crafted gem specifications to\ncause a denial of service attack against RubyGems clients who have\nissued a `query` command. (CVE-2017-0900)\n\nArbitrary file overwrite due to incorrect validation of specification\nname\n\nRubyGems fails to validate specification names, allowing a maliciously\ncrafted gem to potentially overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nDNS hijacking vulnerability\n\nRubyGems is vulnerable to a DNS hijacking vulnerability that allows a\nMITM attacker to force the RubyGems client to download and install\ngems from a server that the attacker controls. (CVE-2017-0902)\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nRuby is vulnerable to a malicious format string which contains a\nprecious specifier (*) with a huge minus value. Such situation can\nlead to a buffer overrun, resulting in a heap memory corruption or an\ninformation disclosure from the heap. (CVE-2017-0898)\n\nEscape sequence in the 'summary' field of gemspec\n\nRubyGems is vulnerable to maliciously crafted gem specifications that\ninclude terminal escape characters. Printing the gem specification\nwould execute terminal escape sequences. (CVE-2017-0899)\n\nArbitrary heap exposure during a JSON.generate call\n\nRuby can expose arbitrary memory during a JSON.generate call. The\nissues lies in using strdup in ext/json/ext/generator/generator.c,\nwhich will stop after encountering a '\\\\0' byte, returning a pointer\nto a string of length zero, which is not the length stored in\nspace_len. (CVE-2017-14064)\n\nA vulnerability was found where the rubygems module was vulnerable to\nan unsafe YAML deserialization when inspecting a gem. Applications\ninspecting gem files without installing them can be tricked to execute\narbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-906.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update ruby22' to update your system.\n\nRun 'yum update ruby23' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-debuginfo-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-devel-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-doc-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-irb-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-libs-2.2.8-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-debuginfo-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-devel-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-doc-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-irb-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-libs-2.3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-bigdecimal-1.2.6-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-io-console-0.4.3-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-psych-2.0.8.1-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-bigdecimal-1.2.8-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-did_you_mean-1.0.0-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-io-console-0.4.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-json-1.8.3.1-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-psych-2.1.0.1-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-2.4.5.2-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-devel-2.4.5.2-1.9.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-2.5.2.1-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-devel-2.5.2.1-1.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby22 / ruby22-debuginfo / ruby22-devel / ruby22-doc / ruby22-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:21:27", "description": "Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.\n\nThis update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.", "cvss3": {}, "published": "2018-08-02T00:00:00", "type": "nessus", "title": "Debian DSA-4259-1 : ruby2.3 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17405", "CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby2.3", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4259.NASL", "href": "https://www.tenable.com/plugins/nessus/111468", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4259. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111468);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-17405\", \"CVE-2017-17742\", \"CVE-2017-17790\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"DSA\", value:\"4259\");\n\n script_name(english:\"Debian DSA-4259-1 : ruby2.3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the interpreter for\nthe Ruby language, which may result in incorrect processing of\nHTTP/FTP, directory traversal, command injection, unintended socket\ncreation or information disclosure.\n\nThis update also fixes several issues in RubyGems which could allow an\nattacker to use specially crafted gem files to mount cross-site\nscripting attacks, cause denial of service through an infinite loop,\nwrite arbitrary files, or run malicious code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/ruby2.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby2.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4259\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby2.3 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.3.3-1+deb9u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libruby2.3\", reference:\"2.3.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3\", reference:\"2.3.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-dev\", reference:\"2.3.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-doc\", reference:\"2.3.3-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-tcltk\", reference:\"2.3.3-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:00", "description": "Arbitrary heap exposure during a JSON.generate call\n\nRuby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\\\\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len.\n(CVE-2017-14064)\n\nEscape sequence injection vulnerability in the Basic authentication of WEBrick\n\nThe Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name. (CVE-2017-10784)\n\nBuffer underrun in OpenSSL ASN1 decode\n\nThe decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string.\n(CVE-2017-14033)\n\nNo size limit in summary length of gem spec\n\nRubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications to cause a denial of service attack against RubyGems clients who have issued a `query` command. (CVE-2017-0900)\n\nArbitrary file overwrite due to incorrect validation of specification name\n\nRubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem. (CVE-2017-0901)\n\nDNS hijacking vulnerability\n\nRubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.\n(CVE-2017-0902)\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nRuby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.\n(CVE-2017-0898)\n\nEscape sequence in the 'summary' field of gemspec\n\nRubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters.\nPrinting the gem specification would execute terminal escape sequences. (CVE-2017-0899)\n\nA vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)", "cvss3": {}, "published": "2017-10-27T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby24 (ALAS-2017-915)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby24-doc", "p-cpe:/a:amazon:linux:ruby24-irb", "p-cpe:/a:amazon:linux:ruby24-libs", "p-cpe:/a:amazon:linux:rubygem24-bigdecimal", "p-cpe:/a:amazon:linux:rubygem24-did_you_mean", "p-cpe:/a:amazon:linux:rubygem24-io-console", "p-cpe:/a:amazon:linux:rubygem24-json", "p-cpe:/a:amazon:linux:rubygem24-psych", "p-cpe:/a:amazon:linux:rubygem24-xmlrpc", "p-cpe:/a:amazon:linux:rubygems24", "p-cpe:/a:amazon:linux:rubygems24-devel", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:ruby24", "p-cpe:/a:amazon:linux:ruby24-debuginfo", "p-cpe:/a:amazon:linux:ruby24-devel"], "id": "ALA_ALAS-2017-915.NASL", "href": "https://www.tenable.com/plugins/nessus/104181", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-915.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104181);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_xref(name:\"ALAS\", value:\"2017-915\");\n\n script_name(english:\"Amazon Linux AMI : ruby24 (ALAS-2017-915)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Arbitrary heap exposure during a JSON.generate call\n\nRuby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can\nexpose arbitrary memory during a JSON.generate call. The issues lies\nin using strdup in ext/json/ext/generator/generator.c, which will stop\nafter encountering a '\\\\0' byte, returning a pointer to a string of\nlength zero, which is not the length stored in space_len.\n(CVE-2017-14064)\n\nEscape sequence injection vulnerability in the Basic authentication of\nWEBrick\n\nThe Basic authentication code in WEBrick library in Ruby before 2.2.8,\n2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to\ninject terminal emulator escape sequences into its log and possibly\nexecute arbitrary commands via a crafted user name. (CVE-2017-10784)\n\nBuffer underrun in OpenSSL ASN1 decode\n\nThe decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8,\n2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause\na denial of service (interpreter crash) via a crafted string.\n(CVE-2017-14033)\n\nNo size limit in summary length of gem spec\n\nRubyGems version 2.6.12 and earlier is vulnerable to maliciously\ncrafted gem specifications to cause a denial of service attack against\nRubyGems clients who have issued a `query` command. (CVE-2017-0900)\n\nArbitrary file overwrite due to incorrect validation of specification\nname\n\nRubyGems version 2.6.12 and earlier fails to validate specification\nnames, allowing a maliciously crafted gem to potentially overwrite any\nfile on the filesystem. (CVE-2017-0901)\n\nDNS hijacking vulnerability\n\nRubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking\nvulnerability that allows a MITM attacker to force the RubyGems client\nto download and install gems from a server that the attacker controls.\n(CVE-2017-0902)\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nRuby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious\nformat string which contains a precious specifier (*) with a huge\nminus value. Such situation can lead to a buffer overrun, resulting in\na heap memory corruption or an information disclosure from the heap.\n(CVE-2017-0898)\n\nEscape sequence in the 'summary' field of gemspec\n\nRubyGems version 2.6.12 and earlier is vulnerable to maliciously\ncrafted gem specifications that include terminal escape characters.\nPrinting the gem specification would execute terminal escape\nsequences. (CVE-2017-0899)\n\nA vulnerability was found where the rubygems module was vulnerable to\nan unsafe YAML deserialization when inspecting a gem. Applications\ninspecting gem files without installing them can be tricked to execute\narbitrary code in the context of the ruby interpreter. (CVE-2017-0903)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-915.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ruby24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-debuginfo-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-devel-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-doc-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-irb-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-libs-2.4.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-bigdecimal-1.3.0-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-did_you_mean-1.1.0-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-io-console-0.4.6-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-json-2.0.4-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-psych-2.2.2-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-xmlrpc-0.2.1-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-2.6.13-1.30.4.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-devel-2.6.13-1.30.4.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby24 / ruby24-debuginfo / ruby24-devel / ruby24-doc / ruby24-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:27:26", "description": "Path traversal when writing to a symlinked basedir outside of the root\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073)\n\nImproper verification of signatures in tarball allows to install mis-signed gem :\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\nInfinite loop vulnerability due to negative size in tar header causes Denial of Service\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\nCommand injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution :\n\nThe 'lazy_initialize' function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)\n\nMissing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL :\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nXSS vulnerability in homepage attribute when displayed via gem server\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)\n\nUnsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)\n\nPath traversal issue during gem installation allows to write to arbitrary filesystem locations\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)\n\nIf a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake HTTP responses after the newline characters to show malicious contents to the clients.(CVE-2017-17742)\n\nThe Dir.mktmpdir method introduced by tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contain relative directory specifiers '../', so this method can be used to target any directory. So, if a script accepts an external input as the prefix, and the targeted directory has inappropriate permissions or the ruby process has inappropriate privileges, the attacker can create a directory or a file at any directory.(CVE-2018-6914)\n\nIf an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the request causes the out-of-memory DoS attack.(CVE-2018-8777)\n\nString#unpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the argument of String#unpack, the attacker can read data on heaps.(CVE-2018-8778)\n\nUNIXServer.open accepts the path of the socket to be created at the first parameter. If the path contains NUL (\\0) bytes, this method recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of this method, the attacker can make the socket file in the unintentional path. And, UNIXSocket.open also accepts the path of the socket to be created at the first parameter without checking NUL bytes like UNIXServer.open.\nSo, if a script accepts an external input as the argument of this method, the attacker can accepts the socket file in the unintentional path.(CVE-2018-8779)\n\nDir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL (\\0) bytes, these methods recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of these methods, the attacker can make the unintentional directory traversal.(CVE-2018-8780)", "cvss3": {}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : ruby20 / ruby22,ruby23,ruby24 (ALAS-2018-983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2017-17790", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby20", "p-cpe:/a:amazon:linux:ruby20-debuginfo", "p-cpe:/a:amazon:linux:ruby20-devel", "p-cpe:/a:amazon:linux:ruby20-doc", "p-cpe:/a:amazon:linux:ruby20-irb", "p-cpe:/a:amazon:linux:ruby20-libs", "p-cpe:/a:amazon:linux:rubygem22-io-console", "p-cpe:/a:amazon:linux:rubygem22-psych", "p-cpe:/a:amazon:linux:ruby22", "p-cpe:/a:amazon:linux:rubygem23-bigdecimal", "p-cpe:/a:amazon:linux:rubygem23-did_you_mean", "p-cpe:/a:amazon:linux:ruby22-debuginfo", "p-cpe:/a:amazon:linux:rubygem23-io-console", "p-cpe:/a:amazon:linux:ruby22-devel", "p-cpe:/a:amazon:linux:rubygem23-json", "p-cpe:/a:amazon:linux:ruby22-doc", "p-cpe:/a:amazon:linux:rubygem23-psych", "p-cpe:/a:amazon:linux:ruby22-irb", "p-cpe:/a:amazon:linux:rubygem24-bigdecimal", "p-cpe:/a:amazon:linux:ruby22-libs", "p-cpe:/a:amazon:linux:rubygem24-did_you_mean", "p-cpe:/a:amazon:linux:rubygem24-io-console", "p-cpe:/a:amazon:linux:ruby23", "p-cpe:/a:amazon:linux:rubygem24-json", "p-cpe:/a:amazon:linux:rubygem24-psych", "p-cpe:/a:amazon:linux:ruby23-debuginfo", "p-cpe:/a:amazon:linux:rubygem24-xmlrpc", "p-cpe:/a:amazon:linux:ruby23-devel", "p-cpe:/a:amazon:linux:rubygems20", "p-cpe:/a:amazon:linux:ruby23-doc", "p-cpe:/a:amazon:linux:rubygems20-devel", "p-cpe:/a:amazon:linux:rubygems22", "p-cpe:/a:amazon:linux:ruby23-irb", "p-cpe:/a:amazon:linux:rubygems22-devel", "p-cpe:/a:amazon:linux:rubygems23", "p-cpe:/a:amazon:linux:rubygems23-devel", "p-cpe:/a:amazon:linux:ruby23-libs", "p-cpe:/a:amazon:linux:rubygems24", "p-cpe:/a:amazon:linux:rubygems24-devel", "p-cpe:/a:amazon:linux:ruby24", "p-cpe:/a:amazon:linux:ruby24-debuginfo", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:ruby24-devel", "p-cpe:/a:amazon:linux:ruby24-doc", "p-cpe:/a:amazon:linux:ruby24-irb", "p-cpe:/a:amazon:linux:ruby24-libs", "p-cpe:/a:amazon:linux:rubygem20-bigdecimal", "p-cpe:/a:amazon:linux:rubygem20-io-console", "p-cpe:/a:amazon:linux:rubygem20-psych", "p-cpe:/a:amazon:linux:rubygem22-bigdecimal"], "id": "ALA_ALAS-2018-983.NASL", "href": "https://www.tenable.com/plugins/nessus/108846", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2018-983.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108846);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/07/10 16:04:12\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2017-17790\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"ALAS\", value:\"2018-983\");\n\n script_name(english:\"Amazon Linux AMI : ruby20 / ruby22,ruby23,ruby24 (ALAS-2018-983)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Path traversal when writing to a symlinked basedir outside of the root\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDirectory Traversal vulnerability in install_location function of\npackage.rb that can result in path traversal when writing to a\nsymlinked basedir outside of the root. This vulnerability appears to\nhave been fixed in 2.7.6. (CVE-2018-1000073)\n\nImproper verification of signatures in tarball allows to install\nmis-signed gem :\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nImproper Verification of Cryptographic Signature vulnerability in\npackage.rb that can result in a mis-signed gem could be installed, as\nthe tarball would contain multiple gem signatures.. This vulnerability\nappears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\nInfinite loop vulnerability due to negative size in tar header causes\nDenial of Service\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\ninfinite loop caused by negative size vulnerability in ruby gem\npackage tar header that can result in a negative size could cause an\ninfinite loop.. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000075)\n\nCommand injection in lib/resolv.rb:lazy_initialize() allows arbitrary\ncode execution :\n\nThe 'lazy_initialize' function in lib/resolv.rb did not properly\nprocess certain filenames. A remote attacker could possibly exploit\nthis flaw to inject and execute arbitrary commands. (CVE-2017-17790)\n\nMissing URL validation on spec home attribute allows malicious gem to\nset an invalid homepage URL :\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nImproper Input Validation vulnerability in ruby gems specification\nhomepage attribute that can result in a malicious gem could set an\ninvalid homepage URL. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000077)\n\nXSS vulnerability in homepage attribute when displayed via gem server\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute that can result in XSS. This attack appear to be\nexploitable via the victim must browse to a malicious gem on a\nvulnerable gem server. This vulnerability appears to have been fixed\nin 2.7.6. (CVE-2018-1000078)\n\nUnsafe Object Deserialization Vulnerability in gem owner allowing\narbitrary code execution on specially crafted YAML\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDeserialization of Untrusted Data vulnerability in owner command that\ncan result in code execution. This attack appear to be exploitable via\nvictim must run the `gem owner` command on a gem with a specially\ncrafted YAML file. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000074)\n\nPath traversal issue during gem installation allows to write to\narbitrary filesystem locations\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDirectory Traversal vulnerability in gem installation that can result\nin the gem could write to arbitrary filesystem locations during\ninstallation. This attack appear to be exploitable via the victim must\ninstall a malicious gem. This vulnerability appears to have been fixed\nin 2.7.6. (CVE-2018-1000079)\n\nIf a script accepts an external input and outputs it without\nmodification as a part of HTTP responses, an attacker can use newline\ncharacters to deceive the clients that the HTTP response header is\nstopped at there, and can inject fake HTTP responses after the newline\ncharacters to show malicious contents to the clients.(CVE-2017-17742)\n\nThe Dir.mktmpdir method introduced by tmpdir library accepts the\nprefix and the suffix of the directory which is created as the first\nparameter. The prefix can contain relative directory specifiers '../',\nso this method can be used to target any directory. So, if a script\naccepts an external input as the prefix, and the targeted directory\nhas inappropriate permissions or the ruby process has inappropriate\nprivileges, the attacker can create a directory or a file at any\ndirectory.(CVE-2018-6914)\n\nIf an attacker sends a large request which contains huge HTTP headers,\nWEBrick try to process it on memory, so the request causes the\nout-of-memory DoS attack.(CVE-2018-8777)\n\nString#unpack receives format specifiers as its parameter, and can be\nspecified the position of parsing the data by the specifier @. If a\nbig number is passed with @, the number is treated as the negative\nvalue, and out-of-buffer read is occurred. So, if a script accepts an\nexternal input as the argument of String#unpack, the attacker can read\ndata on heaps.(CVE-2018-8778)\n\nUNIXServer.open accepts the path of the socket to be created at the\nfirst parameter. If the path contains NUL (\\0) bytes, this method\nrecognize that the path is completed before the NUL bytes. So, if a\nscript accepts an external input as the argument of this method, the\nattacker can make the socket file in the unintentional path. And,\nUNIXSocket.open also accepts the path of the socket to be created at\nthe first parameter without checking NUL bytes like UNIXServer.open.\nSo, if a script accepts an external input as the argument of this\nmethod, the attacker can accepts the socket file in the unintentional\npath.(CVE-2018-8779)\n\nDir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the\ntarget directory as their parameter. If the parameter contains NUL\n(\\0) bytes, these methods recognize that the path is completed before\nthe NUL bytes. So, if a script accepts an external input as the\nargument of these methods, the attacker can make the unintentional\ndirectory traversal.(CVE-2018-8780)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2018-983.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update ruby20' to update your system.\n\nRun 'yum update ruby22' to update your system.\n\nRun 'yum update ruby23' to update your system.\n\nRun 'yum update ruby24' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby20-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby22-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby23-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby24-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem20-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem22-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem23-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-did_you_mean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem24-xmlrpc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems20-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems22-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems23-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems24-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-debuginfo-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-devel-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-doc-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-irb-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby20-libs-2.0.0.648-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-debuginfo-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-devel-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-doc-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-irb-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby22-libs-2.2.10-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-debuginfo-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-devel-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-doc-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-irb-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby23-libs-2.3.7-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-debuginfo-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-devel-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-doc-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-irb-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby24-libs-2.4.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-bigdecimal-1.2.0-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-io-console-0.4.2-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem20-psych-2.0.0-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-bigdecimal-1.2.6-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-io-console-0.4.3-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem22-psych-2.0.8.1-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-bigdecimal-1.2.8-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-did_you_mean-1.0.0-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-io-console-0.4.5-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-json-1.8.3.1-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem23-psych-2.1.0.1-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-bigdecimal-1.3.2-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-did_you_mean-1.1.0-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-io-console-0.4.6-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-json-2.0.4-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-psych-2.2.2-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem24-xmlrpc-0.2.1-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-2.0.14.1-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems20-devel-2.0.14.1-1.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-2.4.5.2-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems22-devel-2.4.5.2-1.11.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-2.5.2.3-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems23-devel-2.5.2.3-1.19.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-2.6.14.1-1.30.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems24-devel-2.6.14.1-1.30.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby20 / ruby20-debuginfo / ruby20-devel / ruby20-doc / ruby20-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:22:49", "description": "New ruby packages are available for Slackware 14.2 and -current to fix security issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : ruby (SSA:2017-261-03)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:ruby", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2017-261-03.NASL", "href": "https://www.tenable.com/plugins/nessus/103308", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2017-261-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103308);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_xref(name:\"SSA\", value:\"2017-261-03\");\n\n script_name(english:\"Slackware 14.2 / current : ruby (SSA:2017-261-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 14.2 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.371069\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5c56759f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"ruby\", pkgver:\"2.2.8\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"2.2.8\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"2.4.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"2.4.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:34:29", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6.(CVE-2018-1000076)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : ruby (EulerOS-SA-2018-1207)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1207.NASL", "href": "https://www.tenable.com/plugins/nessus/110871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110871);\n script_version(\"1.44\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : ruby (EulerOS-SA-2018-1207)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did\n not sanitize their file name argument. An attacker with\n control over the name could create temporary files and\n directories outside of the dedicated\n directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack\n decodes the unpacking format. An attacker, able to\n control the unpack format, could use this flaw to\n disclose arbitrary parts of the application's\n memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and\n UNIXServer::open ruby methods did not handle the NULL\n byte properly. An attacker, able to inject NULL bytes\n in the socket path, could possibly trigger an\n unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did\n not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could\n possibly trigger an unspecified behavior of the ruby\n script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an\n excessive amount of memory during the processing of\n HTTP requests, leading to a Denial of Service. An\n attacker could use this flaw to send huge requests to a\n WEBrick application, resulting in the server running\n out of memory.(CVE-2018-8777)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a infinite loop\n caused by negative size vulnerability in ruby gem\n package tar header that can result in a negative size\n could cause an infinite loop.. This vulnerability\n appears to have been fixed in 2.7.6.(CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Improper\n Verification of Cryptographic Signature vulnerability\n in package.rb that can result in a mis-signed gem could\n be installed, as the tarball would contain multiple gem\n signatures.. This vulnerability appears to have been\n fixed in 2.7.6.(CVE-2018-1000076)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1207\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ada4070\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h10\",\n \"ruby-irb-2.0.0.648-33.h10\",\n \"ruby-libs-2.0.0.648-33.h10\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:19:01", "description": "Multiple vulnerabilities were discovered in the interpreter for the Ruby language :\n\n - CVE-2015-9096 SMTP command injection in Net::SMTP.\n\n - CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension.\n\n - CVE-2017-0900 Denial of service in the RubyGems client.\n\n - CVE-2017-0901 Potential file overwrite in the RubyGems client.\n\n - CVE-2017-0902 DNS hijacking in the RubyGems client.\n\n - CVE-2017-14064 Heap memory disclosure in the JSON library.", "cvss3": {}, "published": "2017-09-06T00:00:00", "type": "nessus", "title": "Debian DSA-3966-1 : ruby2.3 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-9096", "CVE-2016-7798", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-14064"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:ruby2.3", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-3966.NASL", "href": "https://www.tenable.com/plugins/nessus/102964", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3966. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102964);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-9096\", \"CVE-2016-7798\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-14064\");\n script_xref(name:\"DSA\", value:\"3966\");\n\n script_name(english:\"Debian DSA-3966-1 : ruby2.3 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the interpreter for the\nRuby language :\n\n - CVE-2015-9096\n SMTP command injection in Net::SMTP.\n\n - CVE-2016-7798\n Incorrect handling of initialization vector in the GCM\n mode in the OpenSSL extension.\n\n - CVE-2017-0900\n Denial of service in the RubyGems client.\n\n - CVE-2017-0901\n Potential file overwrite in the RubyGems client.\n\n - CVE-2017-0902\n DNS hijacking in the RubyGems client.\n\n - CVE-2017-14064\n Heap memory disclosure in the JSON library.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-9096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-7798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-14064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby2.3\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3966\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby2.3 packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 2.3.3-1+deb9u1. This update also hardens RubyGems against\nmalicious terminal escape sequences (CVE-2017-0899 ).\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libruby2.3\", reference:\"2.3.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3\", reference:\"2.3.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-dev\", reference:\"2.3.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-doc\", reference:\"2.3.3-1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby2.3-tcltk\", reference:\"2.3.3-1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:32:25", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ruby packages installed that are affected by multiple vulnerabilities:\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000073)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)\n\n - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000078)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem.\n This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000079)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. (CVE-2018-8779)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-02T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0221_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/131412", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0221. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131412);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-17742\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_bugtraq_id(\n 103683,\n 103684,\n 103686,\n 103693,\n 103739,\n 103767,\n 105955\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0221)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ruby packages installed that are affected by\nmultiple vulnerabilities:\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker controlling the unpacking format (similar to\n format string vulnerabilities) can trigger a buffer\n under-read in the String#unpack method, resulting in a\n massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in install_location function of\n package.rb that can result in path traversal when\n writing to a symlinked basedir outside of the root. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000073)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n Dir.open, Dir.new, Dir.entries and Dir.empty? methods do\n not check NULL characters. When using the corresponding\n method, unintentional directory traversal may be\n performed. (CVE-2018-8780)\n\n - Directory traversal vulnerability in the Dir.mktmpdir\n method in the tmpdir library in Ruby before 2.2.10,\n 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before\n 2.5.1, and 2.6.0-preview1 might allow attackers to\n create arbitrary directories or files via a .. (dot dot)\n in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker can pass a large HTTP request with a crafted\n header to WEBrick server or a crafted body to WEBrick\n server/handler and cause a denial of service (memory\n consumption). (CVE-2018-8777)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an\n HTTP Response Splitting attack. An attacker can inject a\n crafted key and value into an HTTP response for the HTTP\n server of WEBrick. (CVE-2017-17742)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Deserialization\n of Untrusted Data vulnerability in owner command that\n can result in code execution. This attack appear to be\n exploitable via victim must run the `gem owner` command\n on a gem with a specially crafted YAML file. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Cross Site\n Scripting (XSS) vulnerability in gem server display of\n homepage attribute that can result in XSS. This attack\n appear to be exploitable via the victim must browse to a\n malicious gem on a vulnerable gem server. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000078)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in gem installation that can\n result in the gem could write to arbitrary filesystem\n locations during installation. This attack appear to be\n exploitable via the victim must install a malicious gem.\n This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000079)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x\n before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n 2.6.0-preview3. It does not taint strings that result\n from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n UNIXServer.open and UNIXSocket.open methods are not\n checked for null characters. It may be connected to an\n unintended socket. (CVE-2018-8779)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a infinite loop\n caused by negative size vulnerability in ruby gem\n package tar header that can result in a negative size\n could cause an infinite loop.. This vulnerability\n appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Improper\n Verification of Cryptographic Signature vulnerability in\n package.rb that can result in a mis-signed gem could be\n installed, as the tarball would contain multiple gem\n signatures.. This vulnerability appears to have been\n fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Improper Input\n Validation vulnerability in ruby gems specification\n homepage attribute that can result in a malicious gem\n could set an invalid homepage URL. This vulnerability\n appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0221\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ruby packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"ruby-2.0.0.648-36.el7\",\n \"ruby-debuginfo-2.0.0.648-36.el7\",\n \"ruby-devel-2.0.0.648-36.el7\",\n \"ruby-doc-2.0.0.648-36.el7\",\n \"ruby-irb-2.0.0.648-36.el7\",\n \"ruby-libs-2.0.0.648-36.el7\",\n \"ruby-tcltk-2.0.0.648-36.el7\",\n \"rubygem-bigdecimal-1.2.0-36.el7\",\n \"rubygem-io-console-0.4.2-36.el7\",\n \"rubygem-json-1.7.7-36.el7\",\n \"rubygem-minitest-4.3.2-36.el7\",\n \"rubygem-psych-2.0.0-36.el7\",\n \"rubygem-rake-0.9.6-36.el7\",\n \"rubygem-rdoc-4.0.0-36.el7\",\n \"rubygems-2.0.14.1-36.el7\",\n \"rubygems-devel-2.0.14.1-36.el7\"\n ],\n \"CGSL MAIN 5.04\": [\n \"ruby-2.0.0.648-36.el7\",\n \"ruby-debuginfo-2.0.0.648-36.el7\",\n \"ruby-devel-2.0.0.648-36.el7\",\n \"ruby-doc-2.0.0.648-36.el7\",\n \"ruby-irb-2.0.0.648-36.el7\",\n \"ruby-libs-2.0.0.648-36.el7\",\n \"ruby-tcltk-2.0.0.648-36.el7\",\n \"rubygem-bigdecimal-1.2.0-36.el7\",\n \"rubygem-io-console-0.4.2-36.el7\",\n \"rubygem-json-1.7.7-36.el7\",\n \"rubygem-minitest-4.3.2-36.el7\",\n \"rubygem-psych-2.0.0-36.el7\",\n \"rubygem-rake-0.9.6-36.el7\",\n \"rubygem-rdoc-4.0.0-36.el7\",\n \"rubygems-2.0.14.1-36.el7\",\n \"rubygems-devel-2.0.14.1-36.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:31:47", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ruby packages installed that are affected by multiple vulnerabilities:\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000073)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)\n\n - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000078)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem.\n This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000079)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. (CVE-2018-8779)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0245_RUBY.NASL", "href": "https://www.tenable.com/plugins/nessus/132492", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0245. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132492);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2017-17742\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_bugtraq_id(\n 103683,\n 103684,\n 103686,\n 103693,\n 103739,\n 103767,\n 105955\n );\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : ruby Multiple Vulnerabilities (NS-SA-2019-0245)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ruby packages installed that are affected by\nmultiple vulnerabilities:\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker controlling the unpacking format (similar to\n format string vulnerabilities) can trigger a buffer\n under-read in the String#unpack method, resulting in a\n massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in install_location function of\n package.rb that can result in path traversal when\n writing to a symlinked basedir outside of the root. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000073)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n Dir.open, Dir.new, Dir.entries and Dir.empty? methods do\n not check NULL characters. When using the corresponding\n method, unintentional directory traversal may be\n performed. (CVE-2018-8780)\n\n - Directory traversal vulnerability in the Dir.mktmpdir\n method in the tmpdir library in Ruby before 2.2.10,\n 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before\n 2.5.1, and 2.6.0-preview1 might allow attackers to\n create arbitrary directories or files via a .. (dot dot)\n in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker can pass a large HTTP request with a crafted\n header to WEBrick server or a crafted body to WEBrick\n server/handler and cause a denial of service (memory\n consumption). (CVE-2018-8777)\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an\n HTTP Response Splitting attack. An attacker can inject a\n crafted key and value into an HTTP response for the HTTP\n server of WEBrick. (CVE-2017-17742)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Deserialization\n of Untrusted Data vulnerability in owner command that\n can result in code execution. This attack appear to be\n exploitable via victim must run the `gem owner` command\n on a gem with a specially crafted YAML file. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Cross Site\n Scripting (XSS) vulnerability in gem server display of\n homepage attribute that can result in XSS. This attack\n appear to be exploitable via the victim must browse to a\n malicious gem on a vulnerable gem server. This\n vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000078)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in gem installation that can\n result in the gem could write to arbitrary filesystem\n locations during installation. This attack appear to be\n exploitable via the victim must install a malicious gem.\n This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000079)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x\n before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n 2.6.0-preview3. It does not taint strings that result\n from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before\n 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n UNIXServer.open and UNIXSocket.open methods are not\n checked for null characters. It may be connected to an\n unintended socket. (CVE-2018-8779)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a infinite loop\n caused by negative size vulnerability in ruby gem\n package tar header that can result in a negative size\n could cause an infinite loop.. This vulnerability\n appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Improper\n Verification of Cryptographic Signature vulnerability in\n package.rb that can result in a mis-signed gem could be\n installed, as the tarball would contain multiple gem\n signatures.. This vulnerability appears to have been\n fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier,\n Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,\n prior to trunk revision 62422 contains a Improper Input\n Validation vulnerability in ruby gems specification\n homepage attribute that can result in a malicious gem\n could set an invalid homepage URL. This vulnerability\n appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0245\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL ruby packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.05\": [\n \"ruby-2.0.0.648-36.el7\",\n \"ruby-debuginfo-2.0.0.648-36.el7\",\n \"ruby-devel-2.0.0.648-36.el7\",\n \"ruby-doc-2.0.0.648-36.el7\",\n \"ruby-irb-2.0.0.648-36.el7\",\n \"ruby-libs-2.0.0.648-36.el7\",\n \"ruby-tcltk-2.0.0.648-36.el7\",\n \"rubygem-bigdecimal-1.2.0-36.el7\",\n \"rubygem-io-console-0.4.2-36.el7\",\n \"rubygem-json-1.7.7-36.el7\",\n \"rubygem-minitest-4.3.2-36.el7\",\n \"rubygem-psych-2.0.0-36.el7\",\n \"rubygem-rake-0.9.6-36.el7\",\n \"rubygem-rdoc-4.0.0-36.el7\",\n \"rubygems-2.0.14.1-36.el7\",\n \"rubygems-devel-2.0.14.1-36.el7\"\n ],\n \"CGSL MAIN 5.05\": [\n \"ruby-2.0.0.648-36.el7\",\n \"ruby-debuginfo-2.0.0.648-36.el7\",\n \"ruby-devel-2.0.0.648-36.el7\",\n \"ruby-doc-2.0.0.648-36.el7\",\n \"ruby-irb-2.0.0.648-36.el7\",\n \"ruby-libs-2.0.0.648-36.el7\",\n \"ruby-tcltk-2.0.0.648-36.el7\",\n \"rubygem-bigdecimal-1.2.0-36.el7\",\n \"rubygem-io-console-0.4.2-36.el7\",\n \"rubygem-json-1.7.7-36.el7\",\n \"rubygem-minitest-4.3.2-36.el7\",\n \"rubygem-psych-2.0.0-36.el7\",\n \"rubygem-rake-0.9.6-36.el7\",\n \"rubygem-rdoc-4.0.0-36.el7\",\n \"rubygems-2.0.14.1-36.el7\",\n \"rubygems-devel-2.0.14.1-36.el7\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:18:53", "description": "Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability\n\nCVE-2017-0900\n\nDOS vulernerability in the query command\n\nCVE-2017-0901\n\ngem installer allows a malicious gem to overwrite arbitrary files\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic authentication of WEBrick\n\nCVE-2017-14033\n\nBuffer underrun vulnerability in OpenSSL ASN1 decode\n\nCVE-2017-14064\n\nHeap exposure vulnerability in generating JSON\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.9.3.194-8.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-27T00:00:00", "type": "nessus", "title": "Debian DLA-1114-1 : ruby1.9.1 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby1.9.1", "p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg", "p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1", "p-cpe:/a:debian:debian_linux:ri1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1", "p-cpe:/a:debian:debian_linux:ruby1.9.1-dev", "p-cpe:/a:debian:debian_linux:ruby1.9.1-examples", "p-cpe:/a:debian:debian_linux:ruby1.9.1-full", "p-cpe:/a:debian:debian_linux:ruby1.9.3", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1114.NASL", "href": "https://www.tenable.com/plugins/nessus/103472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1114-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103472);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n\n script_name(english:\"Debian DLA-1114-1 : ruby1.9.1 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were discovered in the Ruby 1.9 interpretor.\n\nCVE-2017-0898\n\nBuffer underrun vulnerability in Kernel.sprintf\n\nCVE-2017-0899\n\nANSI escape sequence vulnerability\n\nCVE-2017-0900\n\nDOS vulernerability in the query command\n\nCVE-2017-0901\n\ngem installer allows a malicious gem to overwrite arbitrary files\n\nCVE-2017-10784\n\nEscape sequence injection vulnerability in the Basic authentication of\nWEBrick\n\nCVE-2017-14033\n\nBuffer underrun vulnerability in OpenSSL ASN1 decode\n\nCVE-2017-14064\n\nHeap exposure vulnerability in generating JSON\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.9.3.194-8.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/09/msg00029.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ruby1.9.1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ri1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.1-full\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.9.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.9.1-dbg\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtcltk-ruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ri1.9.1\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-dev\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-examples\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.1-full\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.9.3\", reference:\"1.9.3.194-8.1+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:26:05", "description": "New ruby packages are available for Slackware 14.2 and -current to fix security issues.", "cvss3": {}, "published": "2018-03-30T00:00:00", "type": "nessus", "title": "Slackware 14.2 / current : ruby (SSA:2018-088-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2018-09-04T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:ruby", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-088-01.NASL", "href": "https://www.tenable.com/plugins/nessus/108725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-088-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108725);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/09/04 13:20:08\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"SSA\", value:\"2018-088-01\");\n\n script_name(english:\"Slackware 14.2 / current : ruby (SSA:2018-088-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 14.2 and -current to\nfix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.395952\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3d0a8841\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"ruby\", pkgver:\"2.2.10\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"2.2.10\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"2.5.1\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"2.5.1\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:11", "description": "Some of these CVE were already addressed in previous USN: 3439-1, 3553-1, 3528-1. Here we address for the remain releases.\n\nIt was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898)\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby was vulnerable to a DNS hijacking vulnerability. An attacker could use this to possibly force the RubyGems client to download and install gems from a server that the attacker controls. (CVE-2017-0902)\n\nIt was discovered that Ruby incorrectly handled certain YAML files. An attacker could use this to possibly execute arbitrary code.\n(CVE-2017-0903)\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information.\n(CVE-2017-14064)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to inject a crafted key into a HTTP response. (CVE-2017-17742)\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker could possibly use this to execute arbitrary code. This update is only addressed to ruby2.0. (CVE-2018-1000074)\n\nIt was discovered that Ruby incorrectly handled certain network requests. An attacker could possibly use this to cause a denial of service. (CVE-2018-8777).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-15T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Ruby vulnerabilities (USN-3685-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0901", "CVE-2017-0902", "CVE-2017-0903", "CVE-2017-10784", "CVE-2017-14064", "CVE-2017-17742", "CVE-2018-1000074", "CVE-2018-8777"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:libruby2.0", "p-cpe:/a:canonical:ubuntu_linux:libruby2.3", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.3", "p-cpe:/a:canonical:ubuntu_linux:ruby2.0", "p-cpe:/a:canonical:ubuntu_linux:ruby2.3", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3685-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110551", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3685-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110551);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0901\", \"CVE-2017-0902\", \"CVE-2017-0903\", \"CVE-2017-10784\", \"CVE-2017-14064\", \"CVE-2017-17742\", \"CVE-2018-1000074\", \"CVE-2018-8777\");\n script_xref(name:\"USN\", value:\"3685-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Ruby vulnerabilities (USN-3685-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Some of these CVE were already addressed in previous USN: 3439-1,\n3553-1, 3528-1. Here we address for the remain releases.\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could use this to cause a buffer overrun. (CVE-2017-0898)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby was vulnerable to a DNS hijacking\nvulnerability. An attacker could use this to possibly force the\nRubyGems client to download and install gems from a server that the\nattacker controls. (CVE-2017-0902)\n\nIt was discovered that Ruby incorrectly handled certain YAML files. An\nattacker could use this to possibly execute arbitrary code.\n(CVE-2017-0903)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could use this to expose sensitive information.\n(CVE-2017-14064)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could use this to execute arbitrary code. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain network\nrequests. An attacker could possibly use this to inject a crafted key\ninto a HTTP response. (CVE-2017-17742)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could possibly use this to execute arbitrary code. This\nupdate is only addressed to ruby2.0. (CVE-2018-1000074)\n\nIt was discovered that Ruby incorrectly handled certain network\nrequests. An attacker could possibly use this to cause a denial of\nservice. (CVE-2018-8777).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3685-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2023 Canonical, Inc. / NASL script (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libruby2.0\", pkgver:\"2.0.0.484-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby1.9.3\", pkgver:\"1.9.3.484-2ubuntu1.12\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby2.0\", pkgver:\"2.0.0.484-1ubuntu2.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libruby2.3\", pkgver:\"2.3.1-2~16.04.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"ruby2.3\", pkgver:\"2.3.1-2~16.04.10\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libruby2.3\", pkgver:\"2.3.3-1ubuntu1.6\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"ruby2.3\", pkgver:\"2.3.3-1ubuntu1.6\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.9.1 / libruby2.0 / libruby2.3 / ruby1.9.1 / ruby1.9.3 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T18:07:25", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2028 advisory.\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. (CVE-2018-8779)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000077)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server.\n This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ruby (ELSA-2019-2028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:ruby", "p-cpe:/a:oracle:linux:ruby-devel", "p-cpe:/a:oracle:linux:ruby-doc", "p-cpe:/a:oracle:linux:ruby-irb", "p-cpe:/a:oracle:linux:ruby-libs", "p-cpe:/a:oracle:linux:ruby-tcltk", "p-cpe:/a:oracle:linux:rubygem-bigdecimal", "p-cpe:/a:oracle:linux:rubygem-io-console", "p-cpe:/a:oracle:linux:rubygem-json", "p-cpe:/a:oracle:linux:rubygem-minitest", "p-cpe:/a:oracle:linux:rubygem-psych", "p-cpe:/a:oracle:linux:rubygem-rake", "p-cpe:/a:oracle:linux:rubygem-rdoc", "p-cpe:/a:oracle:linux:rubygems", "p-cpe:/a:oracle:linux:rubygems-devel"], "id": "ORACLELINUX_ELSA-2019-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/180804", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-2028.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180804);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2017-17742\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n\n script_name(english:\"Oracle Linux 7 : ruby (ELSA-2019-2028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-2028 advisory.\n\n - Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows\n an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response\n for the HTTP server of WEBrick. (CVE-2017-17742)\n\n - Directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library in Ruby before 2.2.10,\n 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 might allow attackers to\n create arbitrary directories or files via a .. (dot dot) in the prefix argument. (CVE-2018-6914)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to\n WEBrick server/handler and cause a denial of service (memory consumption). (CVE-2018-8777)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an\n unintended socket. (CVE-2018-8779)\n\n - An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before\n 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n (CVE-2018-16396)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in install_location function of package.rb that can result in path traversal when\n writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in\n 2.7.6. (CVE-2018-1000073)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a\n Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This\n attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially\n crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite\n loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative\n size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000075)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper\n Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem\n could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to\n have been fixed in 2.7.6. (CVE-2018-1000076)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper\n Input Validation vulnerability in ruby gems specification homepage attribute that can result in a\n malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6.\n (CVE-2018-1000077)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site\n Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This\n attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server.\n This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an\n attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer\n under-read in the String#unpack method, resulting in a massive and controlled information disclosure.\n (CVE-2018-8778)\n\n - In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the\n Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the\n corresponding method, unintentional directory traversal may be performed. (CVE-2018-8780)\n\n - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series:\n 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory\n Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem\n locations during installation. This attack appear to be exploitable via the victim must install a\n malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-2028.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rubygems-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'ruby-doc-2.0.0.648-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.0.0.648-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-4.3.2-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-0.9.6-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-4.0.0-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.0.14.1-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.0.14.1-36.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-36.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-36.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:29:46", "description": "Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues :\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable to an HTTP response splitting vulnerability. It was possible for an attacker to inject fake HTTP responses if a script accepted an external input and output it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the Dir.mktmpdir method in the tmpdir library. It made it possible for attackers to create arbitrary directories or files via a .. (dot dot) in the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a large request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby String#unpack method. If a big number was passed with the specifier @, the number was treated as a negative value, and an out-of-buffer read occurred. Attackers could read data on heaps if an script accepts an external input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open methods of the socket library bundled with Ruby did not check for NUL bytes in the path argument. The lack of check made the methods vulnerable to unintentional socket creation and unintentional socket access.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some methods in Dir, by the lack of checking for NUL bytes in their parameter.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.8.7.358-7.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.8 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-24T00:00:00", "type": "nessus", "title": "Debian DLA-1359-1 : ruby1.8 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:libruby1.8", "p-cpe:/a:debian:debian_linux:libruby1.8-dbg", "p-cpe:/a:debian:debian_linux:libtcltk-ruby1.8", "p-cpe:/a:debian:debian_linux:ri1.8", "p-cpe:/a:debian:debian_linux:ruby1.8", "p-cpe:/a:debian:debian_linux:ruby1.8-dev", "p-cpe:/a:debian:debian_linux:ruby1.8-examples", "p-cpe:/a:debian:debian_linux:ruby1.8-full", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1359.NASL", "href": "https://www.tenable.com/plugins/nessus/109284", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1359-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(109284);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"Debian DLA-1359-1 : ruby1.8 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the interpreter for the Ruby\nlanguage. The Common Vulnerabilities and Exposures project identifies\nthe following issues :\n\nCVE-2017-17742\n\nAaron Patterson reported that WEBrick bundled with Ruby was vulnerable\nto an HTTP response splitting vulnerability. It was possible for an\nattacker to inject fake HTTP responses if a script accepted an\nexternal input and output it without modifications.\n\nCVE-2018-6914\n\nooooooo_q discovered a directory traversal vulnerability in the\nDir.mktmpdir method in the tmpdir library. It made it possible for\nattackers to create arbitrary directories or files via a .. (dot dot)\nin the prefix argument.\n\nCVE-2018-8777\n\nEric Wong reported an out-of-memory DoS vulnerability related to a\nlarge request in WEBrick bundled with Ruby.\n\nCVE-2018-8778\n\naerodudrizzt found a buffer under-read vulnerability in the Ruby\nString#unpack method. If a big number was passed with the specifier @,\nthe number was treated as a negative value, and an out-of-buffer read\noccurred. Attackers could read data on heaps if an script accepts an\nexternal input as the argument of String#unpack.\n\nCVE-2018-8779\n\nooooooo_q reported that the UNIXServer.open and UNIXSocket.open\nmethods of the socket library bundled with Ruby did not check for NUL\nbytes in the path argument. The lack of check made the methods\nvulnerable to unintentional socket creation and unintentional socket\naccess.\n\nCVE-2018-8780\n\nooooooo_q discovered an unintentional directory traversal in some\nmethods in Dir, by the lack of checking for NUL bytes in their\nparameter.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.8.7.358-7.1+deb7u6.\n\nWe recommend that you upgrade your ruby1.8 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/ruby1.8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libruby1.8-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libtcltk-ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ri1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8-examples\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby1.8-full\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.8\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libruby1.8-dbg\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"libtcltk-ruby1.8\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ri1.8\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.8\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.8-dev\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.8-examples\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"ruby1.8-full\", reference:\"1.8.7.358-7.1+deb7u6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:28:37", "description": "Ruby news :\n\nCVE-2017-17742: HTTP response splitting in WEBrick\n\nIf a script accepts an external input and outputs it without modification as a part of HTTP responses, an attacker can use newline characters to deceive the clients that the HTTP response header is stopped at there, and can inject fake HTTP responses after the newline characters to show malicious contents to the clients.\n\nCVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir\n\nDir.mktmpdir method introduced by tmpdir library accepts the prefix and the suffix of the directory which is created as the first parameter. The prefix can contain relative directory specifiers '../', so this method can be used to target any directory. So, if a script accepts an external input as the prefix, and the targeted directory has inappropriate permissions or the ruby process has inappropriate privileges, the attacker can create a directory or a file at any directory.\n\nCVE-2018-8777: DoS by large request in WEBrick\n\nIf an attacker sends a large request which contains huge HTTP headers, WEBrick try to process it on memory, so the request causes the out-of-memory DoS attack.\n\nCVE-2018-8778: Buffer under-read in String#unpack\n\nString#unpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the argument of String#unpack, the attacker can read data on heaps.\n\nCVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket\n\nUNIXServer.open accepts the path of the socket to be created at the first parameter. If the path contains NUL (\\0) bytes, this method recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of this method, the attacker can make the socket file in the unintentional path. And, UNIXSocket.open also accepts the path of the socket to be created at the first parameter without checking NUL bytes like UNIXServer.open.\nSo, if a script accepts an external input as the argument of this method, the attacker can accepts the socket file in the unintentional path.\n\nCVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir\n\nDir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the target directory as their parameter. If the parameter contains NUL (\\0) bytes, these methods recognize that the path is completed before the NUL bytes. So, if a script accepts an external input as the argument of these methods, the attacker can make the unintentional directory traversal.", "cvss3": {}, "published": "2018-03-30T00:00:00", "type": "nessus", "title": "FreeBSD : ruby -- multiple vulnerabilities (eb69bcf2-18ef-4aa2-bb0c-83b263364089)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2019-07-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ruby", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_EB69BCF218EF4AA2BB0C83B263364089.NASL", "href": "https://www.tenable.com/plugins/nessus/108739", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108739);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"FreeBSD : ruby -- multiple vulnerabilities (eb69bcf2-18ef-4aa2-bb0c-83b263364089)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ruby news :\n\nCVE-2017-17742: HTTP response splitting in WEBrick\n\nIf a script accepts an external input and outputs it without\nmodification as a part of HTTP responses, an attacker can use newline\ncharacters to deceive the clients that the HTTP response header is\nstopped at there, and can inject fake HTTP responses after the newline\ncharacters to show malicious contents to the clients.\n\nCVE-2018-6914: Unintentional file and directory creation with\ndirectory traversal in tempfile and tmpdir\n\nDir.mktmpdir method introduced by tmpdir library accepts the prefix\nand the suffix of the directory which is created as the first\nparameter. The prefix can contain relative directory specifiers '../',\nso this method can be used to target any directory. So, if a script\naccepts an external input as the prefix, and the targeted directory\nhas inappropriate permissions or the ruby process has inappropriate\nprivileges, the attacker can create a directory or a file at any\ndirectory.\n\nCVE-2018-8777: DoS by large request in WEBrick\n\nIf an attacker sends a large request which contains huge HTTP headers,\nWEBrick try to process it on memory, so the request causes the\nout-of-memory DoS attack.\n\nCVE-2018-8778: Buffer under-read in String#unpack\n\nString#unpack receives format specifiers as its parameter, and can be\nspecified the position of parsing the data by the specifier @. If a\nbig number is passed with @, the number is treated as the negative\nvalue, and out-of-buffer read is occurred. So, if a script accepts an\nexternal input as the argument of String#unpack, the attacker can read\ndata on heaps.\n\nCVE-2018-8779: Unintentional socket creation by poisoned NUL byte in\nUNIXServer and UNIXSocket\n\nUNIXServer.open accepts the path of the socket to be created at the\nfirst parameter. If the path contains NUL (\\0) bytes, this method\nrecognize that the path is completed before the NUL bytes. So, if a\nscript accepts an external input as the argument of this method, the\nattacker can make the socket file in the unintentional path. And,\nUNIXSocket.open also accepts the path of the socket to be created at\nthe first parameter without checking NUL bytes like UNIXServer.open.\nSo, if a script accepts an external input as the argument of this\nmethod, the attacker can accepts the socket file in the unintentional\npath.\n\nCVE-2018-8780: Unintentional directory traversal by poisoned NUL byte\nin Dir\n\nDir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the\ntarget directory as their parameter. If the parameter contains NUL\n(\\0) bytes, these methods recognize that the path is completed before\nthe NUL bytes. So, if a script accepts an external input as the\nargument of these methods, the attacker can make the unintentional\ndirectory traversal.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?71079310\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78bd7fa9\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4a4feab\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b770e41\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95c4af25\"\n );\n # https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?23857932\"\n );\n # https://vuxml.freebsd.org/freebsd/eb69bcf2-18ef-4aa2-bb0c-83b263364089.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e3e020f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.3.0,1<2.3.7,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.4.0,1<2.4.4,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ruby>=2.5.0,1<2.5.1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:33:36", "description": "Backport `rubygem.macros` changes. Enables maintaners to build rubygems using same macros in all Fedoras.\n\n----\n\nRebase to Ruby 2.4.4. Includes several CVE fixes.\nhttps://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-06-07T00:00:00", "type": "nessus", "title": "Fedora 27 : ruby (2018-a459acd54b)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ruby", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-A459ACD54B.NASL", "href": "https://www.tenable.com/plugins/nessus/110389", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-a459acd54b.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110389);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"FEDORA\", value:\"2018-a459acd54b\");\n\n script_name(english:\"Fedora 27 : ruby (2018-a459acd54b)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Backport `rubygem.macros` changes. Enables maintaners to build\nrubygems using same macros in all Fedoras.\n\n----\n\nRebase to Ruby 2.4.4. Includes several CVE fixes.\nhttps://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-a459acd54b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"ruby-2.4.4-89.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:40:29", "description": "- Rebase to Ruby 2.5.1.\n\n - Several CVE fixes.\n\n - Conflict requirement needs to generate dependency.\n\n - Stop using --with-setjmp-type=setjmp on aarch64.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-03T00:00:00", "type": "nessus", "title": "Fedora 28 : ruby (2018-dd8162c004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ruby", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-DD8162C004.NASL", "href": "https://www.tenable.com/plugins/nessus/120846", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-dd8162c004.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120846);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"FEDORA\", value:\"2018-dd8162c004\");\n\n script_name(english:\"Fedora 28 : ruby (2018-dd8162c004)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Rebase to Ruby 2.5.1.\n\n - Several CVE fixes.\n\n - Conflict requirement needs to generate dependency.\n\n - Stop using --with-setjmp-type=setjmp on aarch64.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-dd8162c004\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"ruby-2.5.1-92.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:23:16", "description": "It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.\n(CVE-2018-8777)\n\nIt was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory. (CVE-2018-6914)\n\nIt was found that WEBrick did not sanitize headers sent back to clients, resulting in a response-splitting vulnerability. An attacker, able to control the server's headers, could force WEBrick into injecting additional headers to a client. (CVE-2017-17742)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\nIt was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script. (CVE-2018-8780)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000078)\n\nAn issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.\n(CVE-2018-16396)\n\nA integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory. (CVE-2018-8778)\n\nIt was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script. (CVE-2018-8779)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Deserialization of Untrusted Data vulnerability in owner command that can result in code execution. This attack appear to be exploitable via victim must run the `gem owner` command on a gem with a specially crafted YAML file. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000074)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000077)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in gem installation that can result in the gem could write to arbitrary filesystem locations during installation. This attack appear to be exploitable via the victim must install a malicious gem. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000079)", "cvss3": {}, "published": "2019-08-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ruby (ALAS-2019-1276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:ruby", "p-cpe:/a:amazon:linux:ruby-debuginfo", "p-cpe:/a:amazon:linux:ruby-devel", "p-cpe:/a:amazon:linux:ruby-doc", "p-cpe:/a:amazon:linux:ruby-irb", "p-cpe:/a:amazon:linux:ruby-libs", "p-cpe:/a:amazon:linux:ruby-tcltk", "p-cpe:/a:amazon:linux:rubygem-bigdecimal", "p-cpe:/a:amazon:linux:rubygem-io-console", "p-cpe:/a:amazon:linux:rubygem-json", "p-cpe:/a:amazon:linux:rubygem-minitest", "p-cpe:/a:amazon:linux:rubygem-psych", "p-cpe:/a:amazon:linux:rubygem-rake", "p-cpe:/a:amazon:linux:rubygem-rdoc", "p-cpe:/a:amazon:linux:rubygems", "p-cpe:/a:amazon:linux:rubygems-devel", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1276.NASL", "href": "https://www.tenable.com/plugins/nessus/128290", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1276.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128290);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-16396\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n script_xref(name:\"ALAS\", value:\"2019-1276\");\n\n script_name(english:\"Amazon Linux 2 : ruby (ALAS-2019-1276)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was found that WEBrick could be forced to use an excessive amount\nof memory during the processing of HTTP requests, leading to a Denial\nof Service. An attacker could use this flaw to send huge requests to a\nWEBrick application, resulting in the server running out of memory.\n(CVE-2018-8777)\n\nIt was found that the tmpdir and tempfile modules did not sanitize\ntheir file name argument. An attacker with control over the name could\ncreate temporary files and directories outside of the dedicated\ndirectory. (CVE-2018-6914)\n\nIt was found that WEBrick did not sanitize headers sent back to\nclients, resulting in a response-splitting vulnerability. An attacker,\nable to control the server's headers, could force WEBrick into\ninjecting additional headers to a client. (CVE-2017-17742)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDirectory Traversal vulnerability in install_location function of\npackage.rb that can result in path traversal when writing to a\nsymlinked basedir outside of the root. This vulnerability appears to\nhave been fixed in 2.7.6. (CVE-2018-1000073)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nImproper Verification of Cryptographic Signature vulnerability in\npackage.rb that can result in a mis-signed gem could be installed, as\nthe tarball would contain multiple gem signatures.. This vulnerability\nappears to have been fixed in 2.7.6. (CVE-2018-1000076)\n\nIt was found that the methods from the Dir class did not properly\nhandle strings containing the NULL byte. An attacker, able to inject\nNULL bytes in a path, could possibly trigger an unspecified behavior\nof the ruby script. (CVE-2018-8780)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\ninfinite loop caused by negative size vulnerability in ruby gem\npackage tar header that can result in a negative size could cause an\ninfinite loop.. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000075)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute that can result in XSS. This attack appear to be\nexploitable via the victim must browse to a malicious gem on a\nvulnerable gem server. This vulnerability appears to have been fixed\nin 2.7.6. (CVE-2018-1000078)\n\nAn issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5,\n2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint\nstrings that result from unpacking tainted strings with some formats.\n(CVE-2018-16396)\n\nA integer underflow was found in the way String#unpack decodes the\nunpacking format. An attacker, able to control the unpack format,\ncould use this flaw to disclose arbitrary parts of the application's\nmemory. (CVE-2018-8778)\n\nIt was found that the UNIXSocket::open and UNIXServer::open ruby\nmethods did not handle the NULL byte properly. An attacker, able to\ninject NULL bytes in the socket path, could possibly trigger an\nunspecified behavior of the ruby script. (CVE-2018-8779)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDeserialization of Untrusted Data vulnerability in owner command that\ncan result in code execution. This attack appear to be exploitable via\nvictim must run the `gem owner` command on a gem with a specially\ncrafted YAML file. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000074)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nImproper Input Validation vulnerability in ruby gems specification\nhomepage attribute that can result in a malicious gem could set an\ninvalid homepage URL. This vulnerability appears to have been fixed in\n2.7.6. (CVE-2018-1000077)\n\nRubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series:\n2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5\nseries: 2.5.0 and earlier, prior to trunk revision 62422 contains a\nDirectory Traversal vulnerability in gem installation that can result\nin the gem could write to arbitrary filesystem locations during\ninstallation. This attack appear to be exploitable via the victim must\ninstall a malicious gem. This vulnerability appears to have been fixed\nin 2.7.6. (CVE-2018-1000079)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1276.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update ruby' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", reference:\"ruby-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-debuginfo-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-devel-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-doc-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-irb-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-libs-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"ruby-tcltk-2.0.0.648-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-bigdecimal-1.2.0-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-io-console-0.4.2-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-json-1.7.7-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-minitest-4.3.2-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-psych-2.0.0-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-rake-0.9.6-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygem-rdoc-4.0.0-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygems-2.0.14.1-36.amzn2.0.1\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"rubygems-devel-2.0.14.1-36.amzn2.0.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:23:16", "description": "An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es) :\n\n* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)\n\n* ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n* ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n* ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\n* ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)\n\n* rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n* rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)\n\n* rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)\n\n* rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n* rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n* rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)\n\n* ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (CVE-2018-6914)\n\n* ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket (CVE-2018-8779)\n\n* rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-30T00:00:00", "type": "nessus", "title": "CentOS 7 : ruby (CESA-2019:2028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:centos:centos:ruby", "p-cpe:/a:centos:centos:ruby-devel", "p-cpe:/a:centos:centos:ruby-doc", "p-cpe:/a:centos:centos:ruby-irb", "p-cpe:/a:centos:centos:ruby-libs", "p-cpe:/a:centos:centos:ruby-tcltk", "p-cpe:/a:centos:centos:rubygem-bigdecimal", "p-cpe:/a:centos:centos:rubygem-io-console", "p-cpe:/a:centos:centos:rubygem-json", "p-cpe:/a:centos:centos:rubygem-minitest", "p-cpe:/a:centos:centos:rubygem-psych", "p-cpe:/a:centos:centos:rubygem-rake", "p-cpe:/a:centos:centos:rubygem-rdoc", "p-cpe:/a:centos:centos:rubygems", "p-cpe:/a:centos:centos:rubygems-devel", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/128332", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2028 and \n# CentOS Errata and Security Advisory 2019:2028 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(128332);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2017-17742\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2028\");\n\n script_name(english:\"CentOS 7 : ruby (CESA-2019:2028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nSecurity Fix(es) :\n\n* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)\n\n* ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n* ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n* ruby: Unintentional directory traversal by poisoned NULL byte in Dir\n(CVE-2018-8780)\n\n* ruby: Tainted flags are not propagated in Array#pack and\nString#unpack with some directives (CVE-2018-16396)\n\n* rubygems: Path traversal when writing to a symlinked basedir outside\nof the root (CVE-2018-1000073)\n\n* rubygems: Unsafe Object Deserialization Vulnerability in gem owner\nallowing arbitrary code execution on specially crafted YAML\n(CVE-2018-1000074)\n\n* rubygems: Improper verification of signatures in tarball allows to\ninstall mis-signed gem (CVE-2018-1000076)\n\n* rubygems: Missing URL validation on spec home attribute allows\nmalicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n* rubygems: XSS vulnerability in homepage attribute when displayed via\ngem server (CVE-2018-1000078)\n\n* rubygems: Path traversal issue during gem installation allows to\nwrite to arbitrary filesystem locations (CVE-2018-1000079)\n\n* ruby: Unintentional file and directory creation with directory\ntraversal in tempfile and tmpdir (CVE-2018-6914)\n\n* ruby: Unintentional socket creation by poisoned NULL byte in\nUNIXServer and UNIXSocket (CVE-2018-8779)\n\n* rubygems: Infinite loop vulnerability due to negative size in tar\nheader causes Denial of Service (CVE-2018-1000075)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006124.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ec6901d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-doc-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-irb-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-libs-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-minitest-4.3.2-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-rake-0.9.6-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygem-rdoc-4.0.0-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygems-2.0.14.1-36.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"rubygems-devel-2.0.14.1-36.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:23:18", "description": "An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es) :\n\n* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)\n\n* ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n* ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n* ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\n* ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)\n\n* rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n* rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)\n\n* rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)\n\n* rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n* rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n* rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)\n\n* ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (CVE-2018-6914)\n\n* ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket (CVE-2018-8779)\n\n* rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "cvss3": {}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2019:2028)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-19T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:rubygem-psych", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:rubygems-devel", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-2028.NASL", "href": "https://www.tenable.com/plugins/nessus/127649", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2028. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127649);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2017-17742\",\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\",\n \"CVE-2018-16396\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_xref(name:\"RHSA\", value:\"2019:2028\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2019:2028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for ruby is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nSecurity Fix(es) :\n\n* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)\n\n* ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n* ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n* ruby: Unintentional directory traversal by poisoned NULL byte in Dir\n(CVE-2018-8780)\n\n* ruby: Tainted flags are not propagated in Array#pack and\nString#unpack with some directives (CVE-2018-16396)\n\n* rubygems: Path traversal when writing to a symlinked basedir outside\nof the root (CVE-2018-1000073)\n\n* rubygems: Unsafe Object Deserialization Vulnerability in gem owner\nallowing arbitrary code execution on specially crafted YAML\n(CVE-2018-1000074)\n\n* rubygems: Improper verification of signatures in tarball allows to\ninstall mis-signed gem (CVE-2018-1000076)\n\n* rubygems: Missing URL validation on spec home attribute allows\nmalicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n* rubygems: XSS vulnerability in homepage attribute when displayed via\ngem server (CVE-2018-1000078)\n\n* rubygems: Path traversal issue during gem installation allows to\nwrite to arbitrary filesystem locations (CVE-2018-1000079)\n\n* ruby: Unintentional file and directory creation with directory\ntraversal in tempfile and tmpdir (CVE-2018-6914)\n\n* ruby: Unintentional socket creation by poisoned NULL byte in\nUNIXServer and UNIXSocket (CVE-2018-8779)\n\n* rubygems: Infinite loop vulnerability due to negative size in tar\nheader causes Denial of Service (CVE-2018-1000075)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\");\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3395ff0b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:2028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2017-17742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-6914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8778\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-8780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-16396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2018-1000079\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2028\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-debuginfo-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-devel-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-doc-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-irb-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ruby-libs-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ruby-tcltk-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-bigdecimal-1.2.0-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-io-console-0.4.2-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-36.el7\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-1.7\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-json-1.7.7-36.el7\")) flag++;\n if (rpm_exists(rpm:\"rubygem-json-1.7\", release:\"RHEL7\") && rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-minitest-4.3.2-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"rubygem-psych-2.0.0-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rake-0.9.6-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygem-rdoc-4.0.0-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygems-2.0.14.1-36.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"rubygems-devel-2.0.14.1-36.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T16:23:16", "description": "Security Fix(es) :\n\n - ruby: HTTP response splitting in WEBrick (CVE-2017-17742)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n - ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\n - ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)\n\n - rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)\n\n - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)\n\n - ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (CVE-2018-6914)\n\n - ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket (CVE-2018-8779)\n\n - rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)", "cvss3": {}, "published": "2019-08-27T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : ruby on SL7.x x86_64 (20190806)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17742", "CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-16396", "CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ruby", "p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ruby-devel", "p-cpe:/a:fermilab:scientific_linux:ruby-doc", "p-cpe:/a:fermilab:scientific_linux:ruby-irb", "p-cpe:/a:fermilab:scientific_linux:ruby-libs", "p-cpe:/a:fermilab:scientific_linux:ruby-tcltk", "p-cpe:/a:fermilab:scientific_linux:rubygem-bigdecimal", "p-cpe:/a:fermilab:scientific_linux:rubygem-io-console", "p-cpe:/a:fermilab:scientific_linux:rubygem-json", "p-cpe:/a:fermilab:scientific_linux:rubygem-minitest", "p-cpe:/a:fermilab:scientific_linux:rubygem-psych", "p-cpe:/a:fermilab:scientific_linux:rubygem-rake", "p-cpe:/a:fermilab:scientific_linux:rubygem-rdoc", "p-cpe:/a:fermilab:scientific_linux:rubygems", "p-cpe:/a:fermilab:scientific_linux:rubygems-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_RUBY_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128260", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128260);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2017-17742\", \"CVE-2018-1000073\", \"CVE-2018-1000074\", \"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\", \"CVE-2018-1000079\", \"CVE-2018-16396\", \"CVE-2018-6914\", \"CVE-2018-8777\", \"CVE-2018-8778\", \"CVE-2018-8779\", \"CVE-2018-8780\");\n\n script_name(english:\"Scientific Linux Security Update : ruby on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - ruby: HTTP response splitting in WEBrick\n (CVE-2017-17742)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Buffer under-read in String#unpack (CVE-2018-8778)\n\n - ruby: Unintentional directory traversal by poisoned NULL\n byte in Dir (CVE-2018-8780)\n\n - ruby: Tainted flags are not propagated in Array#pack and\n String#unpack with some directives (CVE-2018-16396)\n\n - rubygems: Path traversal when writing to a symlinked\n basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in\n gem owner allowing arbitrary code execution on specially\n crafted YAML (CVE-2018-1000074)\n\n - rubygems: Improper verification of signatures in tarball\n allows to install mis-signed gem (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute\n allows malicious gem to set an invalid homepage URL\n (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when\n displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation\n allows to write to arbitrary filesystem locations\n (CVE-2018-1000079)\n\n - ruby: Unintentional file and directory creation with\n directory traversal in tempfile and tmpdir\n (CVE-2018-6914)\n\n - ruby: Unintentional socket creation by poisoned NULL\n byte in UNIXServer and UNIXSocket (CVE-2018-8779)\n\n - rubygems: Infinite loop vulnerability due to negative\n size in tar header causes Denial of Service\n (CVE-2018-1000075)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=18537\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64ba4fae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:rubygems-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-debuginfo-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-devel-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ruby-doc-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-doc-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"ruby-irb-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-irb-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-libs-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-tcltk-2.0.0.648-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-bigdecimal-1.2.0-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-io-console-0.4.2-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-json-1.7.7-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-minitest-4.3.2-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-minitest-4.3.2-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-psych-2.0.0-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-rake-0.9.6-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-rake-0.9.6-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygem-rdoc-4.0.0-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygem-rdoc-4.0.0-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygems-2.0.14.1-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygems-2.0.14.1-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"rubygems-devel-2.0.14.1-36.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"rubygems-devel-2.0.14.1-36.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:23:39", "description": "It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a buffer overrun. (CVE-2017-0898)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to execute terminal escape sequences.\n(CVE-2017-0899)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a denial of service.\n(CVE-2017-0900)\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to cause a denial of service. (CVE-2017-14033)\n\nIt was discovered that Ruby incorrectly handled certain files. An attacker could use this to expose sensitive information.\n(CVE-2017-14064).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-10-06T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : ruby1.9.1 vulnerabilities (USN-3439-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-0898", "CVE-2017-0899", "CVE-2017-0900", "CVE-2017-0901", "CVE-2017-10748", "CVE-2017-10784", "CVE-2017-14033", "CVE-2017-14064"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1", "p-cpe:/a:canonical:ubuntu_linux:ruby1.9.3", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3439-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3439-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103692);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-0898\", \"CVE-2017-0899\", \"CVE-2017-0900\", \"CVE-2017-0901\", \"CVE-2017-10748\", \"CVE-2017-10784\", \"CVE-2017-14033\", \"CVE-2017-14064\");\n script_xref(name:\"USN\", value:\"3439-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : ruby1.9.1 vulnerabilities (USN-3439-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that Ruby incorrectly handled certain inputs. An\nattacker could use this to cause a buffer overrun. (CVE-2017-0898)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain files.\nAn attacker could use this to execute terminal escape sequences.\n(CVE-2017-0899)\n\nYusuke Endoh discovered that Ruby incorrectly handled certain inputs.\nAn attacker could use this to cause a denial of service.\n(CVE-2017-0900)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could use this to overwrite any file on the filesystem.\n(CVE-2017-0901)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could use this to execute arbitrary code. (CVE-2017-10784)\n\nIt was discovered that Ruby incorrectly handled certain inputs. An\nattacker could use this to cause a denial of service. (CVE-2017-14033)\n\nIt was discovered that Ruby incorrectly handled certain files. An\nattacker could use this to expose sensitive information.\n(CVE-2017-14064).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3439-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected libruby1.9.1, ruby1.9.1 and / or ruby1.9.3\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ruby1.9.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby1.9.1\", pkgver:\"1.9.3.484-2ubuntu1.5\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ruby1.9.3\", pkgver:\"1.9.3.484-2ubuntu1.5\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libruby1.9.1 / ruby1.9.1 / ruby1.9.3\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:34:58", "description": "According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-07-03T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1206)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1206.NASL", "href": "https://www.tenable.com/plugins/nessus/110870", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(110870);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1206)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did\n not sanitize their file name argument. An attacker with\n control over the name could create temporary files and\n directories outside of the dedicated\n directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack\n decodes the unpacking format. An attacker, able to\n control the unpack format, could use this flaw to\n disclose arbitrary parts of the application's\n memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and\n UNIXServer::open ruby methods did not handle the NULL\n byte properly. An attacker, able to inject NULL bytes\n in the socket path, could possibly trigger an\n unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did\n not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could\n possibly trigger an unspecified behavior of the ruby\n script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an\n excessive amount of memory during the processing of\n HTTP requests, leading to a Denial of Service. An\n attacker could use this flaw to send huge requests to a\n WEBrick application, resulting in the server running\n out of memory.(CVE-2018-8777)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1206\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4347e6a6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.648-33.h11\",\n \"ruby-irb-2.0.0.648-33.h11\",\n \"ruby-libs-2.0.0.648-33.h11\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-21T14:25:25", "description": "Multiple vulnerabilities were found in the rubygems package management framework, embedded in JRuby, a pure-Java implementation of the Ruby programming language. \n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that could cause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A mis-signed gem could be installed if the tarball contains multiple gem signatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification homepage attribute could allow malicious gem to set an invalid homepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of homepage attribute\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 1.5.6-5+deb7u1.\n\nWe recommend that you upgrade your jruby packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-04-03T00:00:00", "type": "nessus", "title": "Debian DLA-1337-1 : jruby security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:jruby", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-1337.NASL", "href": "https://www.tenable.com/plugins/nessus/108788", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1337-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108788);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1000075\", \"CVE-2018-1000076\", \"CVE-2018-1000077\", \"CVE-2018-1000078\");\n\n script_name(english:\"Debian DLA-1337-1 : jruby security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities were found in the rubygems package management\nframework, embedded in JRuby, a pure-Java implementation of the Ruby\nprogramming language. \n\nCVE-2018-1000075\n\nA negative size vulnerability in ruby gem package tar header that\ncould cause an infinite loop.\n\nCVE-2018-1000076\n\nRuby gems package improperly verifies cryptographic signatures. A\nmis-signed gem could be installed if the tarball contains multiple gem\nsignatures.\n\nCVE-2018-1000077\n\nAn improper input validation vulnerability in ruby gems specification\nhomepage attribute could allow malicious gem to set an invalid\nhomepage URL.\n\nCVE-2018-1000078\n\nCross Site Scripting (XSS) vulnerability in gem server display of\nhomepage attribute\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n1.5.6-5+deb7u1.\n\nWe recommend that you upgrade your jruby packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/04/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/jruby\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected jruby package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"jruby\", reference:\"1.5.6-5+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:36:45", "description": "According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did not sanitize their file name argument. An attacker with control over the name could create temporary files and directories outside of the dedicated directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack decodes the unpacking format. An attacker, able to control the unpack format, could use this flaw to disclose arbitrary parts of the application's memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an excessive amount of memory during the processing of HTTP requests, leading to a Denial of Service. An attacker could use this flaw to send huge requests to a WEBrick application, resulting in the server running out of memory.(CVE-2018-8777)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-6914", "CVE-2018-8777", "CVE-2018-8778", "CVE-2018-8779", "CVE-2018-8780"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:ruby", "p-cpe:/a:huawei:euleros:ruby-irb", "p-cpe:/a:huawei:euleros:ruby-libs", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2018-1275.NASL", "href": "https://www.tenable.com/plugins/nessus/117584", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117584);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-6914\",\n \"CVE-2018-8777\",\n \"CVE-2018-8778\",\n \"CVE-2018-8779\",\n \"CVE-2018-8780\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1275)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ruby packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - It was found that the tmpdir and tempfile modules did\n not sanitize their file name argument. An attacker with\n control over the name could create temporary files and\n directories outside of the dedicated\n directory.(CVE-2018-6914)\n\n - A integer underflow was found in the way String#unpack\n decodes the unpacking format. An attacker, able to\n control the unpack format, could use this flaw to\n disclose arbitrary parts of the application's\n memory.(CVE-2018-8778)\n\n - It was found that the UNIXSocket::open and\n UNIXServer::open ruby methods did not handle the NULL\n byte properly. An attacker, able to inject NULL bytes\n in the socket path, could possibly trigger an\n unspecified behavior of the ruby script.(CVE-2018-8779)\n\n - It was found that the methods from the Dir class did\n not properly handle strings containing the NULL byte.\n An attacker, able to inject NULL bytes in a path, could\n possibly trigger an unspecified behavior of the ruby\n script.(CVE-2018-8780)\n\n - It was found that WEBrick could be forced to use an\n excessive amount of memory during the processing of\n HTTP requests, leading to a Denial of Service. An\n attacker could use this flaw to send huge requests to a\n WEBrick application, resulting in the server running\n out of memory.(CVE-2018-8777)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1275\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e1c01c8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ruby packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"ruby-2.0.0.353-23.h8\",\n \"ruby-irb-2.0.0.353-23.h8\",\n \"ruby-libs-2.0.0.353-23.h8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-20T15:06:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0591 advisory.\n\n - rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)\n\n - rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)\n\n - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-02-26T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2020:0591)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-8777", "CVE-2018-8780"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "cpe:/o:redhat:rhel_e4s:7.4", "cpe:/o:redhat:rhel_tus:7.4", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:rubygem-psych", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:rubygems-devel"], "id": "REDHAT-RHSA-2020-0591.NASL", "href": "https://www.tenable.com/plugins/nessus/134063", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0591. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134063);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2018-8777\",\n \"CVE-2018-8780\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_bugtraq_id(103683, 103739);\n script_xref(name:\"RHSA\", value:\"2020:0591\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2020:0591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0591 advisory.\n\n - rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on\n specially crafted YAML (CVE-2018-1000074)\n\n - rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service\n (CVE-2018-1000075)\n\n - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem\n (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage\n URL (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations\n (CVE-2018-1000079)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561950\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 79, 347, 400, 502, 626, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.4/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.4/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.4/x86_64/os',\n 'content/tus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'ruby-2.0.0.648-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-devel-2.0.0.648-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-doc-2.0.0.648-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-irb-2.0.0.648-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-35.el7_4', 'sp':'4', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-libs-2.0.0.648-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ruby-tcltk-2.0.0.648-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-bigdecimal-1.2.0-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-io-console-0.4.2-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-json-1.7.7-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-minitest-4.3.2-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-psych-2.0.0-35.el7_4', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rake-0.9.6-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygem-rdoc-4.0.0-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-2.0.14.1-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rubygems-devel-2.0.14.1-35.el7_4', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-devel / ruby-doc / ruby-irb / ruby-libs / ruby-tcltk / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-22T15:22:13", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0663 advisory.\n\n - rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)\n\n - rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)\n\n - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "RHEL 7 : ruby (RHSA-2020:0663)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000073", "CVE-2018-1000074", "CVE-2018-1000075", "CVE-2018-1000076", "CVE-2018-1000077", "CVE-2018-1000078", "CVE-2018-1000079", "CVE-2018-8777", "CVE-2018-8780"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_eus:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "p-cpe:/a:redhat:enterprise_linux:ruby-doc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk", "p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal", "p-cpe:/a:redhat:enterprise_linux:rubygem-io-console", "p-cpe:/a:redhat:enterprise_linux:rubygem-json", "p-cpe:/a:redhat:enterprise_linux:rubygem-minitest", "p-cpe:/a:redhat:enterprise_linux:rubygem-psych", "p-cpe:/a:redhat:enterprise_linux:rubygem-rake", "p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc", "p-cpe:/a:redhat:enterprise_linux:rubygems", "p-cpe:/a:redhat:enterprise_linux:rubygems-devel"], "id": "REDHAT-RHSA-2020-0663.NASL", "href": "https://www.tenable.com/plugins/nessus/134261", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0663. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134261);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2018-8777\",\n \"CVE-2018-8780\",\n \"CVE-2018-1000073\",\n \"CVE-2018-1000074\",\n \"CVE-2018-1000075\",\n \"CVE-2018-1000076\",\n \"CVE-2018-1000077\",\n \"CVE-2018-1000078\",\n \"CVE-2018-1000079\"\n );\n script_bugtraq_id(103683, 103739);\n script_xref(name:\"RHSA\", value:\"2020:0663\");\n\n script_name(english:\"RHEL 7 : ruby (RHSA-2020:0663)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0663 advisory.\n\n - rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)\n\n - rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on\n specially crafted YAML (CVE-2018-1000074)\n\n - rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service\n (CVE-2018-1000075)\n\n - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem\n (CVE-2018-1000076)\n\n - rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage\n URL (CVE-2018-1000077)\n\n - rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)\n\n - rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations\n (CVE-2018-1000079)\n\n - ruby: DoS by large request in WEBrick (CVE-2018-8777)\n\n - ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-8780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000076\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-1000079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547422\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1547426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1561950\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8780\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-1000076\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 79, 347, 400, 502, 626, 835);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-psych\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rubygems-devel\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/optional/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap-hana/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/debug',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/os',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel/power-le/7/7.6/ppc64le/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.6/x86_64/os',\n 'content/eus/rhel/computenode/7/7.6/x86_64/sour