Vulnerabilities > CVE-2004-0983 - Denial Of Service vulnerability in Yukihiro Matsumoto Ruby CGI Module

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2005-03-01

Updated: 2018-10-03

Summary

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Vulnerable Configurations

Part	Description	Count
Application	Yukihiro_Matsumoto Yukihiro Matsumoto Ruby 1.6 Yukihiro Matsumoto Ruby 1.6.7 Yukihiro Matsumoto Ruby 1.8 Yukihiro Matsumoto Ruby 1.8.1 Yukihiro Matsumoto Ruby 1.8.2_Pre1 Yukihiro Matsumoto Ruby 1.8.2_Pre2	6
OS	Gentoo Gentoo Linux *	1
OS	Mandrakesoft Mandrakesoft Mandrake Linux 9.2 Mandrakesoft Mandrake Linux 10.0 Mandrakesoft Mandrake Linux 10.1 Mandrakesoft Mandrake Linux Corporate Server 2.1	8
OS	Ubuntu Ubuntu Ubuntu Linux 4.1	2

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-402.NASL
description	- Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-6.FC2.0 - security fix [CVE-2004-0983] - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. (#138366) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15730
published	2004-11-17
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15730
title	Fedora Core 2 : ruby-1.8.1-6.FC2.0 (2004-402)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-402. # include("compat.inc"); if (description) { script_id(15730); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_xref(name:"FEDORA", value:"2004-402"); script_name(english:"Fedora Core 2 : ruby-1.8.1-6.FC2.0 (2004-402)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-6.FC2.0 - security fix [CVE-2004-0983] - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. (#138366) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-November/000385.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9a453bc5" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-mode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"irb-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-debuginfo-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-devel-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-docs-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-libs-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-mode-1.8.1-6.FC2.0")) flag++; if (rpm_check(release:"FC2", reference:"ruby-tcltk-1.8.1-6.FC2.0")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-libs / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-394-1.NASL
description	An error was found in Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	27980
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27980
title	Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-394-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27980); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2004-0983", "CVE-2006-6303"); script_xref(name:"USN", value:"394-1"); script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-394-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "An error was found in Ruby's CGI library that did not correctly quote the boundary of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/394-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:irb1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ri1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.10\|6\.06\|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.10", pkgname:"irb1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libdbm-ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libreadline-ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libruby1.8-dbg", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"rdoc1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ri1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-dev", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-elisp", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-examples", pkgver:"1.8.2-9ubuntu1.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"irb1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libdbm-ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libreadline-ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libruby1.8-dbg", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"rdoc1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ri1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-dev", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-elisp", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-examples", pkgver:"1.8.4-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"irb1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libdbm-ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libreadline-ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libruby1.8-dbg", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"rdoc1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ri1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-dev", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-elisp", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-examples", pkgver:"1.8.4-5ubuntu1.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb1.8 / libdbm-ruby1.8 / libgdbm-ruby1.8 / libopenssl-ruby1.8 / etc"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-371-1.NASL
description	An error was found in Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	27952
published	2007-11-10
reporter	Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/27952
title	Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-371-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27952); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2004-0983", "CVE-2006-5467"); script_bugtraq_id(20777); script_xref(name:"USN", value:"371-1"); script_name(english:"Ubuntu 5.04 / 5.10 / 6.06 LTS / 6.10 : ruby1.8 vulnerability (USN-371-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "An error was found in Ruby's CGI library that did not correctly check for the end of multipart MIME requests. Using a crafted HTTP request, a remote user could cause a denial of service, where Ruby CGI applications would end up in a loop, monopolizing a CPU. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/371-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:irb1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libbigdecimal-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcurses-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdbm-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdl-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdrb-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:liberb-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libgdbm-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libiconv-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libopenssl-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpty-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libracc-runtime-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libreadline-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:librexml-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsdbm-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsoap-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libstrscan-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libsyslog-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtcltk-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtest-unit-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libtk-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libwebrick-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libxmlrpc-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libyaml-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libzlib-ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rdoc1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ri1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-elisp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8-examples"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/11/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04\|5\.10\|6\.06\|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04 / 5.10 / 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"irb1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libbigdecimal-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libcurses-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdbm-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdl-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libdrb-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"liberb-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libiconv-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libpty-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libracc-runtime-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libreadline-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"librexml-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libruby1.8-dbg", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsdbm-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsoap-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libstrscan-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libsyslog-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libtest-unit-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libtk-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libwebrick-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libxmlrpc-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libyaml-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"libzlib-ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"rdoc1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ri1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ruby1.8", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ruby1.8-dev", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ruby1.8-elisp", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"ruby1.8-examples", pkgver:"1.8.1+1.8.2pre4-1ubuntu0.5")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"irb1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libdbm-ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libreadline-ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libruby1.8-dbg", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"rdoc1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ri1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-dev", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-elisp", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"5.10", pkgname:"ruby1.8-examples", pkgver:"1.8.2-9ubuntu1.3")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"irb1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libdbm-ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libreadline-ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libruby1.8-dbg", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"rdoc1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ri1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-dev", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-elisp", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ruby1.8-examples", pkgver:"1.8.4-1ubuntu1.2")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"irb1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libdbm-ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libgdbm-ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libopenssl-ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libreadline-ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libruby1.8-dbg", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"libtcltk-ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"rdoc1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ri1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-dev", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-elisp", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ruby1.8-examples", pkgver:"1.8.4-5ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb1.8 / libbigdecimal-ruby1.8 / libcurses-ruby1.8 / libdbm-ruby1.8 / etc"); }

NASL family	CGI abuses
NASL id	CGI_RB.NASL
description	The
last seen	2020-06-01
modified	2020-06-02
plugin id	15710
published	2004-11-13
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15710
title	Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(15710); script_version("1.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2004-0983"); script_bugtraq_id(11618); script_xref(name:"DSA", value:"586"); script_xref(name:"GLSA", value:"200612-21"); script_xref(name:"RHSA", value:"2004:635"); script_name(english:"Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS"); script_summary(english:"Checks for the presence of cgi.rb"); script_set_attribute(attribute:"synopsis", value: "The remote web server is hosting a CGI application that is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The 'cgi.rb' CGI is installed. Some versions is vulnerable to remote denial of service. By sending a specially crafted HTTP POST request, a malicious user can force the remote host to consume a large amount of CPU resources. * Warning : Nessus solely relied on the presence of this * CGI, it did not determine if you specific version is *** vulnerable to that problem."); script_set_attribute(attribute:"see_also", value:"http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:128"); script_set_attribute(attribute:"see_also", value:"http://www.novell.com/linux/security/advisories/2005_04_sr.html" ); script_set_attribute(attribute:"see_also", value:"https://usn.ubuntu.com/394-1/" ); script_set_attribute(attribute:"solution", value:"Upgrade to Ruby 1.8.1 or later"); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/13"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2020 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl"); script_require_keys("Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); port = get_http_port(default:80, embedded:TRUE); res = is_cgi_installed_ka(item:"cgi.rb", port:port); if(res)security_warning(port);

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-1234.NASL
description	A denial of service vulnerability has been discovered in the CGI library included with Ruby, the interpreted scripting language for quick and easy object-oriented programming.
last seen	2020-06-01
modified	2020-06-02
plugin id	23847
published	2006-12-14
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/23847
title	Debian DSA-1234-1 : ruby1.6 - denial of service

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2004-128.NASL
description	Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session
last seen	2020-06-01
modified	2020-06-02
plugin id	15650
published	2004-11-09
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15650
title	Mandrake Linux Security Advisory : ruby (MDKSA-2004:128)

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DSA-586.NASL
description	The upstream developers of Ruby have corrected a problem in the CGI module for this language. Specially crafted requests could cause an infinite loop and thus cause the program to eat up cpu cycles.
last seen	2020-06-01
modified	2020-06-02
plugin id	15684
published	2004-11-10
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15684
title	Debian DSA-586-1 : ruby - infinite loop

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_RUBY_182P3.NASL
description	The following package needs to be updated: ruby-1.7.0
last seen	2016-09-26
modified	2004-11-23
plugin id	15810
published	2004-11-23
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=15810
title	FreeBSD : ruby -- CGI DoS (171)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200411-23.NASL
description	The remote host is affected by the vulnerability described in GLSA-200411-23 (Ruby: Denial of Service issue) Ruby
last seen	2020-06-01
modified	2020-06-02
plugin id	15724
published	2004-11-16
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15724
title	GLSA-200411-23 : Ruby: Denial of Service issue

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-20-1.NASL
description	The Ruby developers discovered a potential Denial of Service vulnerability in the CGI module (cgi.rb). Specially crafted CGI requests could cause an infinite loop in the server process. Repetitive attacks could use most of the available processor resources, exhaust the number of allowed parallel connections in web servers, or cause similar effects which render the service unavailable. There is no possibility of privilege escalation or data loss. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20615
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2004-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20615
title	Ubuntu 4.10 : ruby1.8 vulnerability (USN-20-1)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2006-192.NASL
description	The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption. Updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	24577
published	2007-02-18
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24577
title	Mandrake Linux Security Advisory : ruby (MDKSA-2006:192)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2006-225.NASL
description	Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS). Updated packages have been patched to correct this issue.
last seen	2020-06-01
modified	2020-06-02
plugin id	24609
published	2007-02-18
reporter	This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/24609
title	Mandrake Linux Security Advisory : ruby (MDKSA-2006:225)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-403.NASL
description	- Thu Nov 11 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-7.FC3.1 - security fix [CVE-2004-0983] - security fix [CVE-2004-0755] - ruby-1.8.1-cgi-dos.patch: applied to fix a denial of service issue. (#138366) - ruby-1.8.1-cgi_session_perms.patch: sets the permission of the session data file to 0600. (#130063) - Sat Oct 30 2004 Akira TAGOH <tagoh at redhat.com> - 1.8.1-7.fc3 - added openssl-devel and db4-devel into BuildRequires. (#137479) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	15731
published	2004-11-17
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15731
title	Fedora Core 3 : ruby-1.8.1-7.FC3.1 (2004-403)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2004-635.NASL
description	An updated ruby package that fixes a denial of service issue for the CGI instance is now available. [Updated 17 Jan 2005] Errata has been updated to include 32-bit libraries on 64-bit architectures. Ruby is an interpreted scripting language for object-oriented programming. A flaw was dicovered in the CGI module of Ruby. If empty data is sent by the POST method to the CGI script which requires MIME type multipart/form-data, it can get stuck in a loop. A remote attacker could trigger this flaw and cause a denial of service. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0983 to this issue. Users are advised to upgrade to this erratum package, which contains a backported patch to cgi.rb.
last seen	2020-06-01
modified	2020-06-02
plugin id	15945
published	2004-12-13
reporter	This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/15945
title	RHEL 2.1 / 3 : ruby (RHSA-2004:635)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_D656296B33FF11D9A9E70001020EED82.NASL
description	The Ruby CGI.rb module contains a bug which can cause the CGI module to go into an infinite loop, thereby causing a denial-of-service situation on the web server by using all available CPU time.
last seen	2020-06-01
modified	2020-06-02
plugin id	38113
published	2009-04-23
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/38113
title	FreeBSD : ruby -- CGI DoS (d656296b-33ff-11d9-a9e7-0001020eed82)

Oval

accepted

2013-04-29T04:04:10.905-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651

description

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

family

unix

oval:org.mitre.oval:def:10268

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

version

Redhat

advisories

rhsa

id	RHSA-2004:635

rpms

irb-0:1.6.8-9.EL3.3
ruby-0:1.6.8-9.EL3.3
ruby-debuginfo-0:1.6.8-9.EL3.3
ruby-devel-0:1.6.8-9.EL3.3
ruby-docs-0:1.6.8-9.EL3.3
ruby-libs-0:1.6.8-9.EL3.3
ruby-mode-0:1.6.8-9.EL3.3
ruby-tcltk-0:1.6.8-9.EL3.3

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

References