Vulnerabilities > CVE-2006-3694 - SAFE Level Restriction Bypass vulnerability in Yukihiro Matsumoto Ruby 1.8.2/1.8.3/1.8.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_RUBY-1948.NASL description An attacker could bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 27421 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27421 title openSUSE 10 Security Update : ruby (ruby-1948) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update ruby-1948. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27421); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2006-3694"); script_name(english:"openSUSE 10 Security Update : ruby (ruby-1948)"); script_summary(english:"Check for the ruby-1948 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value:"An attacker could bypass the 'safe level' checks (CVE-2006-3694)." ); script_set_attribute(attribute:"solution", value:"Update the affected ruby packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"ruby-1.8.4-17.5") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"ruby-devel-1.8.4-17.5") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-devel"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_765625941F1911DBB7D40008743BF21A.NASL description Secunia reports : Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. - An error in the handling of the last seen 2020-06-01 modified 2020-06-02 plugin id 22139 published 2006-08-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22139 title FreeBSD : ruby -- multiple vulnerabilities (76562594-1f19-11db-b7d4-0008743bf21a) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(22139); script_version("1.19"); script_cvs_date("Date: 2019/08/02 13:32:38"); script_cve_id("CVE-2006-3694"); script_bugtraq_id(18944); script_xref(name:"Secunia", value:"21009"); script_name(english:"FreeBSD : ruby -- multiple vulnerabilities (76562594-1f19-11db-b7d4-0008743bf21a)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Secunia reports : Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. - An error in the handling of the 'alias' functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level. - An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams." ); # http://jvn.jp/jp/JVN%2383768862/index.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1b402f05" ); # http://jvn.jp/jp/JVN%2313947696/index.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?5263affb" ); # https://vuxml.freebsd.org/freebsd/76562594-1f19-11db-b7d4-0008743bf21a.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4ef56d97" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ruby_static"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/12"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"ruby>1.6.*<1.8.*")) flag++; if (pkg_test(save_report:TRUE, pkg:"ruby>1.8.*<1.8.4_9,1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ruby_static>1.6.*<1.8.*")) flag++; if (pkg_test(save_report:TRUE, pkg:"ruby_static>1.8.*<1.8.4_9,1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2006-1440.NASL description - Mon Dec 11 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5.2-1 - security fix release. (#218289) - Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. (#212396) - backport fixes from devel. - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) - updates to 1.8.5 - removed the unnecessary patches: ruby-1.8.4-no-eaccess.patch, ruby-1.8.4-64bit-pack.patch, ruby-1.8.4-fix-insecure-dir-operation.patch, ruby-1.8.4-fix-insecure-regexp-modification.patch, ruby-1.8.4-fix-alias-safe-level.patch. - build with --enable-pthread except on ppc. - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak on Hash. [ruby-talk:211233] - owns sitearchdir. (#201208) - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5 - ruby-deprecated-search-path.patch: applied to add more search path for backward compatibility. - added byacc to BuildReq. - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn last seen 2020-06-01 modified 2020-06-02 plugin id 24071 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24071 title Fedora Core 5 : ruby-1.8.5.2-1.fc5 (2006-1440) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-1440. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(24071); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2006-1440"); script_name(english:"Fedora Core 5 : ruby-1.8.5.2-1.fc5 (2006-1440)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Mon Dec 11 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5.2-1 - security fix release. (#218289) - Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. (#212396) - backport fixes from devel. - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) - updates to 1.8.5 - removed the unnecessary patches: ruby-1.8.4-no-eaccess.patch, ruby-1.8.4-64bit-pack.patch, ruby-1.8.4-fix-insecure-dir-operation.patch, ruby-1.8.4-fix-insecure-regexp-modification.patch, ruby-1.8.4-fix-alias-safe-level.patch. - build with --enable-pthread except on ppc. - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak on Hash. [ruby-talk:211233] - owns sitearchdir. (#201208) - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5 - ruby-deprecated-search-path.patch: applied to add more search path for backward compatibility. - added byacc to BuildReq. - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided and buildsys became much stricter. - Wed May 17 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-4.fc5 - correct sitelibdir. (#184198) - ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs. so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to the kind of /usr/lib/ruby now. (#184199) - ruby-deprecated-search-path.patch: added the deprecated installation paths to the search path for the backward compatibility. - added a Provides: ruby(abi) to ruby-libs. - ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack('l') not working on 64bit arch and integer overflow on template 'w'. (#189350) - updated License tag to be more comfortable, and with a pointer to get more details, like Python package does. (#179933) - clean up. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-December/001089.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bbf11b12" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-mode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-rdoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-ri"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"ruby-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-debuginfo-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-devel-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-docs-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-irb-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-libs-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-mode-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-rdoc-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-ri-1.8.5.2-1.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-tcltk-1.8.5.2-1.fc5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc"); }NASL family SuSE Local Security Checks NASL id SUSE_RUBY-1946.NASL description An attacker could bypass the last seen 2020-06-01 modified 2020-06-02 plugin id 29570 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29570 title SuSE 10 Security Update : ruby (ZYPP Patch Number 1946) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(29570); script_version ("1.11"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2006-3694"); script_name(english:"SuSE 10 Security Update : ruby (ZYPP Patch Number 1946)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value:"An attacker could bypass the 'safe level' checks. (CVE-2006-3694)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2006-3694.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 1946."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:0, reference:"ruby-1.8.4-17.5")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Fedora Local Security Checks NASL id FEDORA_2006-842.NASL description - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-3 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24155 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24155 title Fedora Core 4 : ruby-1.8.4-3.fc4 (2006-842) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-842. # include("compat.inc"); if (description) { script_id(24155); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_xref(name:"FEDORA", value:"2006-842"); script_name(english:"Fedora Core 4 : ruby-1.8.4-3.fc4 (2006-842)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-3 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000446.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e1431471" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rdoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ri"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-mode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"irb-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"rdoc-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ri-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-debuginfo-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-devel-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-docs-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-libs-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-mode-1.8.4-3.fc4")) flag++; if (rpm_check(release:"FC4", reference:"ruby-tcltk-1.8.4-3.fc4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / rdoc / ri / ruby / ruby-debuginfo / ruby-devel / ruby-docs / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2006-849.NASL description - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5 - ruby-deprecated-search-path.patch: applied to add more search path for backward compatibility. - added byacc to BuildReq. - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn last seen 2020-06-01 modified 2020-06-02 plugin id 24158 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24158 title Fedora Core 5 : ruby-1.8.4-8.fc5 (2006-849) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-849. # include("compat.inc"); if (description) { script_id(24158); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:25"); script_xref(name:"FEDORA", value:"2006-849"); script_name(english:"Fedora Core 5 : ruby-1.8.4-8.fc5 (2006-849)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5 - ruby-deprecated-search-path.patch: applied to add more search path for backward compatibility. - added byacc to BuildReq. - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided and buildsys became much stricter. - Wed May 17 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-4.fc5 - correct sitelibdir. (#184198) - ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs. so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to the kind of /usr/lib/ruby now. (#184199) - ruby-deprecated-search-path.patch: added the deprecated installation paths to the search path for the backward compatibility. - added a Provides: ruby(abi) to ruby-libs. - ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack('l') not working on 64bit arch and integer overflow on template 'w'. (#189350) - updated License tag to be more comfortable, and with a pointer to get more details, like Python package does. (#179933) - clean up. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-July/000452.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?676d91be" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-mode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-rdoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-ri"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/07/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"ruby-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-debuginfo-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-devel-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-docs-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-irb-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-libs-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-mode-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-rdoc-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-ri-1.8.4-8.fc5")) flag++; if (rpm_check(release:"FC5", reference:"ruby-tcltk-1.8.4-8.fc5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0604.NASL description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22136 published 2006-08-04 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22136 title CentOS 3 / 4 : ruby (CESA-2006:0604) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2006:0604 and # CentOS Errata and Security Advisory 2006:0604 respectively. # include("compat.inc"); if (description) { script_id(22136); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2006-3694"); script_bugtraq_id(18944); script_xref(name:"RHSA", value:"2006:0604"); script_name(english:"CentOS 3 / 4 : ruby (CESA-2006:0604)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue." ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013103.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0177a19c" ); # https://lists.centos.org/pipermail/centos-announce/2006-August/013104.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?740eb6a7" ); # https://lists.centos.org/pipermail/centos-announce/2006-July/013075.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fa419d22" ); # https://lists.centos.org/pipermail/centos-announce/2006-July/013076.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?31e13637" ); # https://lists.centos.org/pipermail/centos-announce/2006-July/013078.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?244feedb" ); # https://lists.centos.org/pipermail/centos-announce/2006-July/013079.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?91b74400" ); script_set_attribute(attribute:"solution", value:"Update the affected ruby packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby-mode"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/07/21"); script_set_attribute(attribute:"patch_publication_date", value:"2006/08/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"irb-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-devel-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-docs-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-libs-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-mode-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-3", reference:"ruby-tcltk-1.6.8-9.EL3.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"irb-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-devel-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-docs-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-libs-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-mode-1.8.1-7.EL4.6")) flag++; if (rpm_check(release:"CentOS-4", reference:"ruby-tcltk-1.8.1-7.EL4.6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "irb / ruby / ruby-devel / ruby-docs / ruby-libs / ruby-mode / etc"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1139.NASL description It was discovered that the interpreter for the Ruby language does not properly maintain last seen 2020-06-01 modified 2020-06-02 plugin id 22681 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22681 title Debian DSA-1139-1 : ruby1.6 - missing privilege checks NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0604.NASL description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 22113 published 2006-07-28 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/22113 title RHEL 2.1 / 3 / 4 : ruby (RHSA-2006:0604) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1157.NASL description Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1931 It was discovered that the use of blocking sockets can lead to denial of service. - CVE-2006-3964 It was discovered that Ruby does not properly maintain last seen 2020-06-01 modified 2020-06-02 plugin id 22699 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22699 title Debian DSA-1157-1 : ruby1.8 - several vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2006-1441.NASL description - Mon Dec 11 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5.2-1 - security fix release. (#218289) - Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-4 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. (#212396) - Sun Oct 1 2006 Jesse Keating <jkeating at redhat.com> - 1.8.5-3 - rebuilt for unwind info generation, broken in gcc-4.1.1-21 - Tue Sep 26 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-2 - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) - Mon Aug 28 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1 - New upstream release. - removed the unnecessary patches : - ruby-1.8.4-no-eaccess.patch - ruby-1.8.4-64bit-pack.patch - ruby-1.8.4-fix-insecure-dir-operation.patch - ruby-1.8.4-fix-insecure-regexp-modification.patch - ruby-1.8.4-fix-alias-safe-level.patch - build with --enable-pthread except on ppc. - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak on Hash. [ruby-talk:211233] - Mon Aug 7 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-12 - owns sitearchdir. (#201208) - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-11 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.8.4-10.fc6.1 - rebuild - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-10 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - ruby-deprecated-sitelib-search-path.patch: correct the order of search path. - Wed Jun 7 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7 - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn last seen 2020-06-01 modified 2020-06-02 plugin id 24072 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24072 title Fedora Core 6 : ruby-1.8.5.2-1.fc6 (2006-1441) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2006-0604.NASL description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues. From Red Hat Security Advisory 2006:0604 : A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) From Red Hat Security Advisory 2006:0729 : A flaw was discovered in the way Ruby last seen 2020-06-01 modified 2020-06-02 plugin id 67399 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/67399 title Oracle Linux 3 / 4 : ruby (ELSA-2006-0604 / ELSA-2006-0729) NASL family Fedora Local Security Checks NASL id FEDORA_2006-1110.NASL description - Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. (#212396) - backport fixes from devel. - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) - updates to 1.8.5 - removed the unnecessary patches: ruby-1.8.4-no-eaccess.patch, ruby-1.8.4-64bit-pack.patch, ruby-1.8.4-fix-insecure-dir-operation.patch, ruby-1.8.4-fix-insecure-regexp-modification.patch, ruby-1.8.4-fix-alias-safe-level.patch. - build with --enable-pthread except on ppc. - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak on Hash. [ruby-talk:211233] - owns sitearchdir. (#201208) - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7.fc5 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-5.fc5 - ruby-deprecated-search-path.patch: applied to add more search path for backward compatibility. - added byacc to BuildReq. - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn last seen 2020-06-01 modified 2020-06-02 plugin id 24039 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24039 title Fedora Core 5 : ruby-1.8.5-1.fc5 (2006-1110) NASL family Fedora Local Security Checks NASL id FEDORA_2006-1109.NASL description - Fri Oct 27 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-4 - security fix release. - ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that causes the denial of service. (#212396) - Sun Oct 1 2006 Jesse Keating <jkeating at redhat.com> - 1.8.5-3 - rebuilt for unwind info generation, broken in gcc-4.1.1-21 - Tue Sep 26 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-2 - fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) - Mon Aug 28 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.5-1 - New upstream release. - removed the unnecessary patches : - ruby-1.8.4-no-eaccess.patch - ruby-1.8.4-64bit-pack.patch - ruby-1.8.4-fix-insecure-dir-operation.patch - ruby-1.8.4-fix-insecure-regexp-modification.patch - ruby-1.8.4-fix-alias-safe-level.patch - build with --enable-pthread except on ppc. - ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak on Hash. [ruby-talk:211233] - Mon Aug 7 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-12 - owns sitearchdir. (#201208) - Thu Jul 20 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-11 - security fixes [CVE-2006-3694] - ruby-1.8.4-fix-insecure-dir-operation.patch : - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure operations in the certain safe-level restrictions. (#199538) - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain safe-level restrictions. (#199543) - Wed Jul 12 2006 Jesse Keating <jkeating at redhat.com> - 1.8.4-10.fc6.1 - rebuild - Mon Jun 19 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-10 - fixed the wrong file list again. moved tcltk library into ruby-tcltk. (#195872) - Thu Jun 8 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-8 - ruby-deprecated-sitelib-search-path.patch: correct the order of search path. - Wed Jun 7 2006 Akira TAGOH <tagoh at redhat.com> - 1.8.4-7 - exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn last seen 2020-06-01 modified 2020-06-02 plugin id 24038 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24038 title Fedora Core 6 : ruby-1.8.5-4.fc6 (2006-1109) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-134.NASL description A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 23884 published 2006-12-16 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/23884 title Mandrake Linux Security Advisory : ruby (MDKSA-2006:134) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-325-1.NASL description The alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 27903 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27903 title Ubuntu 5.04 / 5.10 / 6.06 LTS : ruby1.8 vulnerability (USN-325-1)
Oval
| accepted | 2013-04-29T04:23:53.165-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9983 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations". | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://jvn.jp/jp/JVN%2313947696/index.html
- http://jvn.jp/jp/JVN%2383768862/index.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
- http://secunia.com/advisories/21009
- http://secunia.com/advisories/21233
- http://secunia.com/advisories/21236
- http://secunia.com/advisories/21272
- http://secunia.com/advisories/21337
- http://secunia.com/advisories/21598
- http://secunia.com/advisories/21657
- http://secunia.com/advisories/21749
- http://www.debian.org/security/2006/dsa-1139
- http://www.debian.org/security/2006/dsa-1157
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/27144
- http://www.osvdb.org/27145
- http://www.redhat.com/support/errata/RHSA-2006-0604.html
- http://www.securityfocus.com/bid/18944
- http://www.ubuntu.com/usn/usn-325-1
- http://www.vupen.com/english/advisories/2006/2760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983