OSV:DSA-1410-1
Nov 24, 2007 - 12:00 a.m.

ruby1.8 - possible man-in-the-middle attacks

2007-11-24 00:00:00
Google
osv.dev

CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Several vulnerabilities have been discovered in Ruby, an object-oriented
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2007-5162
    It was discovered that the Ruby HTTP(S) module performs insufficient
    validation of SSL certificates, which may lead to man-in-the-middle
    attacks.
  • CVE-2007-5770
    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP
    and SMTP perform insufficient validation of SSL certificates, which
    may lead to man-in-the-middle attacks.

For the old stable distribution (sarge) these problems have been fixed
in version 1.8.2-7sarge6. Packages for sparc will be provided later.

For the stable distribution (etch) these problems have been fixed in
version 1.8.5-4etch1. Packages for sparc will be provided later.

We recommend that you upgrade your ruby1.8 packages.
