OSV:DSA-1411-1
Nov 24, 2007 - 12:00 a.m.

libopenssl-ruby - possible man-in-the-middle attacks

2007-11-24 00:00:00
Google
osv.dev

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:P/A:N)

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

EPSS: 0.006 Low (Percentile: 74.7%)

Several vulnerabilities have been discovered in Ruby, an object-oriented
scripting language. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2007-5162
    It was discovered that the Ruby HTTP(S) module performs insufficient
    validation of SSL certificates, which may lead to man-in-the-middle
    attacks.
  • CVE-2007-5770
    It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP
    and SMTP perform insufficient validation of SSL certificates, which
    may lead to man-in-the-middle attacks.

For the old stable distribution (sarge) these problems have been fixed
in version 0.1.4a-1sarge1. Packages for sparc will be provided later.

The stable distribution (etch) no longer contains libopenssl-ruby.

We recommend that you upgrade your libopenssl-ruby packages.
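
Validating a server certificate involves two separate checks: that it chains to a trusted root, and that it names the host the client intended to reach. The following is an added example, not code from the advisory or from Ruby itself, that runs both checks with Ruby's OpenSSL bindings over constructed self-signed certificates; the helper names and the example.org hostnames are assumptions made for illustration.

```ruby
require "openssl"

# Build a throwaway self-signed certificate (constructed sample input; a real
# client receives the certificate from the server during the handshake).
def make_cert(common_name, dns_names = [])
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  unless dns_names.empty?
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    san = dns_names.map { |n| "DNS:#{n}" }.join(",")
    cert.add_extension(ef.create_extension("subjectAltName", san, false))
  end
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Check 1: the certificate chains to something in the trust store.
def trusted?(cert, store)
  store.verify(cert)
end

# Check 2: the certificate names the host the client meant to reach.
# subjectAltName DNS entries take precedence; CN is only a fallback.
def names_host?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

# A connection is acceptable only when both checks pass.
def acceptable?(cert, host, store)
  trusted?(cert, store) && names_host?(cert, host)
end

if __FILE__ == $PROGRAM_NAME
  trusted_cert = make_cert("www.example.org", ["www.example.org"])
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_cert)
  untrusted = make_cert("untrusted.invalid", ["www.example.org"])
  puts "trusted, right host:   #{acceptable?(trusted_cert, 'www.example.org', store)}"
  puts "trusted, wrong host:   #{acceptable?(trusted_cert, 'mail.example.org', store)}"
  puts "untrusted, right host: #{acceptable?(untrusted, 'www.example.org', store)}"
end
```

With `Net::HTTP`, both checks run when `use_ssl` is true and `verify_mode` is `OpenSSL::SSL::VERIFY_PEER`; setting `VERIFY_NONE` disables them.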

CPE  Name             Operator  Version
-    libopenssl-ruby  eq        0.1.4a-1
