Vulnerabilities > CVE-2011-2705 - Improper Input Validation vulnerability in Ruby-Lang Ruby

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
ruby-lang
CWE-20
nessus

Summary

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
669

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9359.NASL
    descriptionNew version 1.8.7p352 is released, fixing randomization process in forked process (CVE-2011-2686). Also ruby path is fixed to have no duplicate directories on all archs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55677
    published2011-07-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55677
    titleFedora 15 : ruby-1.8.7.352-1.fc15 (2011-9359)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-9359.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55677);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705");
      script_xref(name:"FEDORA", value:"2011-9359");
    
      script_name(english:"Fedora 15 : ruby-1.8.7.352-1.fc15 (2011-9359)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New version 1.8.7p352 is released, fixing randomization process in
    forked process (CVE-2011-2686). Also ruby path is fixed to have no
    duplicate directories on all archs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=722415"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25e2b5e9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ruby package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"ruby-1.8.7.352-1.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1377-1.NASL
    descriptionDrew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. (CVE-2010-0541) Drew Yao discovered that Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id58146
    published2012-02-28
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58146
    titleUbuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1377-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58146);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2010-0541", "CVE-2011-0188", "CVE-2011-1004", "CVE-2011-1005", "CVE-2011-2686", "CVE-2011-2705", "CVE-2011-4815");
      script_bugtraq_id(40895, 46458, 46460, 46966, 49015, 51198);
      script_xref(name:"USN", value:"1377-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Drew Yao discovered that the WEBrick HTTP server was vulnerable to
    cross-site scripting attacks when displaying error pages. A remote
    attacker could use this flaw to run arbitrary web script.
    (CVE-2010-0541)
    
    Drew Yao discovered that Ruby's BigDecimal module did not properly
    allocate memory on 64-bit platforms. An attacker could use this flaw
    to cause a denial of service or possibly execute arbitrary code with
    user privileges. (CVE-2011-0188)
    
    Nicholas Jefferson discovered that the FileUtils.remove_entry_secure
    method in Ruby did not properly remove non-empty directories. An
    attacker could use this flaw to possibly delete arbitrary files.
    (CVE-2011-1004)
    
    It was discovered that Ruby incorrectly allowed untainted strings to
    be modified in protective safe levels. An attacker could use this flaw
    to bypass intended access restrictions. (CVE-2011-1005)
    
    Eric Wong discovered that Ruby does not properly reseed its
    pseudorandom number generator when creating child processes. An
    attacker could use this flaw to gain knowledge of the random numbers
    used in other Ruby child processes. (CVE-2011-2686)
    
    Eric Wong discovered that the SecureRandom module in Ruby did not
    properly seed its pseudorandom number generator. An attacker could use
    this flaw to gain knowledge of the random numbers used by another Ruby
    process with the same process ID number. (CVE-2011-2705)
    
    Alexander Klink and Julian Walde discovered that Ruby computed hash
    values without restricting the ability to trigger hash collisions
    predictably. A remote attacker could cause a denial of service by
    crafting values used in hash tables. (CVE-2011-4815).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1377-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libruby1.8 and / or ruby1.8 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libruby1.8", pkgver:"1.8.7.249-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"ruby1.8", pkgver:"1.8.7.249-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libruby1.8", pkgver:"1.8.7.299-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"ruby1.8", pkgver:"1.8.7.299-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libruby1.8", pkgver:"1.8.7.302-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"ruby1.8", pkgver:"1.8.7.302-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libruby1.8", pkgver:"1.8.7.352-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"ruby1.8", pkgver:"1.8.7.352-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libruby1.8 / ruby1.8");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_RUBY-120117.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog The particularly noteworthy fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available. - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - initialize store->ex_data.sk. - some IPv6 related fixes - zlib fixes - reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009) - securerandom fixes (CVE-2011-2705) - uri route_to fixes - fix race condition with variables and autoload
    last seen2020-06-05
    modified2014-06-13
    plugin id76015
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76015
    titleopenSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update ruby-5660.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76015);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705", "CVE-2011-3009", "CVE-2011-4815");
    
      script_name(english:"openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)");
      script_summary(english:"Check for the ruby-5660 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of ruby provides 1.8.7p357, which contains many stability
    fixes and bug fixes, which are fully compatible with the previous
    version. You can review the detailed list here :
    
    http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog
    
    The particularly noteworthy fixes are :
    
      - Hash functions are now using a randomized seed to avoid
        algorithmic complexity attacks (CVE-2011-4815). For this
        OpenSSL::Random.seed at the SecureRandom.random_bytes is
        used if available.
    
      - mkconfig.rb: fix for continued lines.
    
      - Fix Infinity to be greater than any bignum number.
    
      - initialize store->ex_data.sk.
    
      - some IPv6 related fixes
    
      - zlib fixes
    
      - reinitialize PRNG when forking children
        (CVE-2011-2686/CVE-2011-3009)
    
      - securerandom fixes (CVE-2011-2705)
    
      - uri route_to fixes
    
      - fix race condition with variables and autoload"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=704409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-02/msg00024.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-doc-ri");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-test-suite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-tk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ruby-tk-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.4)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.4", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-debuginfo-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-debugsource-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-devel-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-doc-html-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-doc-ri-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-examples-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-test-suite-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-tk-1.8.7.p357-0.2.1") ) flag++;
    if ( rpm_check(release:"SUSE11.4", reference:"ruby-tk-debuginfo-1.8.7.p357-0.2.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ruby");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-187P357-120127.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen2020-06-05
    modified2012-02-06
    plugin id57841
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57841
    titleSuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57841);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705", "CVE-2011-3009", "CVE-2011-4815");
    
      script_name(english:"SuSE 11.1 Security Update : ruby (SAT Patch Number 5716)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of ruby provides 1.8.7p357, which contains many stability
    fixes and bug fixes while maintaining full compatibility with the
    previous version. A detailailed list of changes is available from
    http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog .
    
    The most important fixes are :
    
      - Hash functions are now using a randomized seed to avoid
        algorithmic complexity attacks. If available,
        OpenSSL::Random.seed at the SecureRandom.random_bytes is
        used to achieve this. (CVE-2011-4815)
    
      - mkconfig.rb: fix for continued lines.
    
      - Fix Infinity to be greater than any bignum number.
    
      - Initialize store->ex_data.sk.
    
      - Several IPv6 related fixes.
    
      - Fixes for zlib.
    
      - Reinitialize PRNG when forking children. (CVE-2011-2686
        / CVE-2011-3009)
    
      - Fixes to securerandom. (CVE-2011-2705)
    
      - Fix uri route_to
    
      - Fix race condition with variables and autoload."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=704409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=740796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2686.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2705.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3009.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4815.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5716.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-tk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"ruby-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ruby-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ruby-doc-html-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ruby-tk-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"ruby-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"ruby-doc-html-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"ruby-tk-1.8.7.p357-0.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111206_RUBY_ON_SL6_X.NASL
    descriptionRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes (as long as the parent process persisted). (CVE-2011-2705) This update also fixes the following bugs : - The ruby package has been upgraded to upstream point release 1.8.7-p352, which provides a number of bug fixes over the previous version. - The MD5 message-digest algorithm is not a FIPS-approved algorithm. Consequently, when a Ruby script attempted to calculate an MD5 checksum in FIPS mode, the interpreter terminated unexpectedly. This bug has been fixed and an exception is now raised in the described scenario. - Due to inappropriately handled line continuations in the mkconfig.rb source file, an attempt to build the ruby package resulted in unexpected termination. An upstream patch has been applied to address this issue and the ruby package can now be built properly. - When the 32-bit ruby-libs library was installed on a 64-bit machine, the mkmf library failed to load various modules necessary for building Ruby-related packages. This bug has been fixed and mkmf now works properly in the described scenario. - Previously, the load paths for scripts and binary modules were duplicated on the i386 architecture. Consequently, an ActiveSupport test failed. With this update, the load paths are no longer stored in duplicates on the i386 architecture. This update also adds the following enhancement : - With this update, SystemTap probes have been added to the ruby package. All users of ruby are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id61197
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61197
    titleScientific Linux Security Update : ruby on SL6.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(61197);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2011-2686");
    
      script_name(english:"Scientific Linux Security Update : ruby on SL6.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ruby is an extensible, interpreted, object-oriented, scripting
    language. It has features to process text files and to do system
    management tasks.
    
    It was found that Ruby did not reinitialize the PRNG (pseudorandom
    number generator) after forking a child process. This could eventually
    lead to the PRNG returning the same result twice. An attacker keeping
    track of the values returned by one child process could use this flaw
    to predict the values the PRNG would return in other child processes
    (as long as the parent process persisted). (CVE-2011-3009)
    
    A flaw was found in the Ruby SecureRandom module. When using the
    SecureRandom.random_bytes class, the PRNG state was not modified after
    forking a child process. This could eventually lead to
    SecureRandom.random_bytes returning the same string more than once. An
    attacker keeping track of the strings returned by one child process
    could use this flaw to predict the strings SecureRandom.random_bytes
    would return in other child processes (as long as the parent process
    persisted). (CVE-2011-2705)
    
    This update also fixes the following bugs :
    
      - The ruby package has been upgraded to upstream point
        release 1.8.7-p352, which provides a number of bug fixes
        over the previous version.
    
      - The MD5 message-digest algorithm is not a FIPS-approved
        algorithm. Consequently, when a Ruby script attempted to
        calculate an MD5 checksum in FIPS mode, the interpreter
        terminated unexpectedly. This bug has been fixed and an
        exception is now raised in the described scenario.
    
      - Due to inappropriately handled line continuations in the
        mkconfig.rb source file, an attempt to build the ruby
        package resulted in unexpected termination. An upstream
        patch has been applied to address this issue and the
        ruby package can now be built properly.
    
      - When the 32-bit ruby-libs library was installed on a
        64-bit machine, the mkmf library failed to load various
        modules necessary for building Ruby-related packages.
        This bug has been fixed and mkmf now works properly in
        the described scenario.
    
      - Previously, the load paths for scripts and binary
        modules were duplicated on the i386 architecture.
        Consequently, an ActiveSupport test failed. With this
        update, the load paths are no longer stored in
        duplicates on the i386 architecture.
    
    This update also adds the following enhancement :
    
      - With this update, SystemTap probes have been added to
        the ruby package.
    
    All users of ruby are advised to upgrade to these updated packages,
    which resolve these issues and add this enhancement."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1112&L=scientific-linux-errata&T=0&P=1448
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?de78dd47"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"ruby-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-debuginfo-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-devel-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-docs-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-irb-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-libs-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-rdoc-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-ri-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-static-1.8.7.352-3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"ruby-tcltk-1.8.7.352-3.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-235.NASL
    descriptionCVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an
    last seen2020-03-17
    modified2015-06-01
    plugin id83907
    published2015-06-01
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83907
    titleDebian DLA-235-1 : ruby1.9.1 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-235-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83907);
      script_version("2.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2011-0188", "CVE-2011-2705", "CVE-2012-4522", "CVE-2013-0256", "CVE-2013-2065", "CVE-2015-1855");
      script_bugtraq_id(46950, 46966, 49015, 56115, 57785, 59881, 74446);
    
      script_name(english:"Debian DLA-235-1 : ruby1.9.1 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2011-0188 The VpMemAlloc function in bigdecimal.c in the
    BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac
    OS X before 10.6.7 and other platforms, does not properly allocate
    memory, which allows context-dependent attackers to execute arbitrary
    code or cause a denial of service (application crash) via vectors
    involving creation of a large BigDecimal value within a 64-bit
    process, related to an 'integer truncation issue.'
    
    CVE-2011-2705 use upstream SVN r32050 to modify PRNG state to prevent
    random number sequence repeatation at forked child process which has
    same pid. Reported by Eric Wong.
    
    CVE-2012-4522 The rb_get_path_check function in file.c in Ruby 1.9.3
    before patchlevel 286 and Ruby 2.0.0 before r37163 allows
    context-dependent attackers to create files in unexpected locations or
    with unexpected names via a NUL byte in a file path.
    
    CVE-2013-0256 darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before
    4.0.0.preview2.1, as used in Ruby, does not properly generate
    documents, which allows remote attackers to conduct cross-site
    scripting (XSS) attacks via a crafted URL.
    
    CVE-2013-2065 (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3
    patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform
    taint checking for native functions, which allows context-dependent
    attackers to bypass intended $SAFE level restrictions.
    
    CVE-2015-1855 OpenSSL extension hostname matching implementation
    violates RFC 6125
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/05/msg00020.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/ruby1.9.1"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libruby1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libruby1.9.1-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libtcltk-ruby1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ri1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1-elisp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1-examples");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1-full");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/03/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libruby1.9.1", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"libruby1.9.1-dbg", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"libtcltk-ruby1.9.1", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ri1.9.1", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1-dev", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1-elisp", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1-examples", reference:"1.9.2.0-2+deb6u4")) flag++;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1-full", reference:"1.9.2.0-2+deb6u4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1581.NASL
    descriptionUpdated ruby packages that fix two security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes (as long as the parent process persisted). (CVE-2011-2705) This update also fixes the following bugs : * The ruby package has been upgraded to upstream point release 1.8.7-p352, which provides a number of bug fixes over the previous version. (BZ#706332) * The MD5 message-digest algorithm is not a FIPS-approved algorithm. Consequently, when a Ruby script attempted to calculate an MD5 checksum in FIPS mode, the interpreter terminated unexpectedly. This bug has been fixed and an exception is now raised in the described scenario. (BZ#717709) * Due to inappropriately handled line continuations in the mkconfig.rb source file, an attempt to build the ruby package resulted in unexpected termination. An upstream patch has been applied to address this issue and the ruby package can now be built properly. (BZ#730287) * When the 32-bit ruby-libs library was installed on a 64-bit machine, the mkmf library failed to load various modules necessary for building Ruby-related packages. This bug has been fixed and mkmf now works properly in the described scenario. (BZ#674787) * Previously, the load paths for scripts and binary modules were duplicated on the i386 architecture. Consequently, an ActiveSupport test failed. With this update, the load paths are no longer stored in duplicates on the i386 architecture. (BZ#722887) This update also adds the following enhancement : * With this update, SystemTap probes have been added to the ruby package. (BZ#673162) All users of ruby are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id57017
    published2011-12-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/57017
    titleRHEL 6 : ruby (RHSA-2011:1581)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2011:1581. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57017);
      script_version ("1.15");
      script_cvs_date("Date: 2019/10/25 13:36:16");
    
      script_cve_id("CVE-2011-2705", "CVE-2011-3009");
      script_bugtraq_id(49015, 49126);
      script_xref(name:"RHSA", value:"2011:1581");
    
      script_name(english:"RHEL 6 : ruby (RHSA-2011:1581)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ruby packages that fix two security issues, various bugs, and
    add one enhancement are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having low
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Ruby is an extensible, interpreted, object-oriented, scripting
    language. It has features to process text files and to do system
    management tasks.
    
    It was found that Ruby did not reinitialize the PRNG (pseudorandom
    number generator) after forking a child process. This could eventually
    lead to the PRNG returning the same result twice. An attacker keeping
    track of the values returned by one child process could use this flaw
    to predict the values the PRNG would return in other child processes
    (as long as the parent process persisted). (CVE-2011-3009)
    
    A flaw was found in the Ruby SecureRandom module. When using the
    SecureRandom.random_bytes class, the PRNG state was not modified after
    forking a child process. This could eventually lead to
    SecureRandom.random_bytes returning the same string more than once. An
    attacker keeping track of the strings returned by one child process
    could use this flaw to predict the strings SecureRandom.random_bytes
    would return in other child processes (as long as the parent process
    persisted). (CVE-2011-2705)
    
    This update also fixes the following bugs :
    
    * The ruby package has been upgraded to upstream point release
    1.8.7-p352, which provides a number of bug fixes over the previous
    version. (BZ#706332)
    
    * The MD5 message-digest algorithm is not a FIPS-approved algorithm.
    Consequently, when a Ruby script attempted to calculate an MD5
    checksum in FIPS mode, the interpreter terminated unexpectedly. This
    bug has been fixed and an exception is now raised in the described
    scenario. (BZ#717709)
    
    * Due to inappropriately handled line continuations in the mkconfig.rb
    source file, an attempt to build the ruby package resulted in
    unexpected termination. An upstream patch has been applied to address
    this issue and the ruby package can now be built properly. (BZ#730287)
    
    * When the 32-bit ruby-libs library was installed on a 64-bit machine,
    the mkmf library failed to load various modules necessary for building
    Ruby-related packages. This bug has been fixed and mkmf now works
    properly in the described scenario. (BZ#674787)
    
    * Previously, the load paths for scripts and binary modules were
    duplicated on the i386 architecture. Consequently, an ActiveSupport
    test failed. With this update, the load paths are no longer stored in
    duplicates on the i386 architecture. (BZ#722887)
    
    This update also adds the following enhancement :
    
    * With this update, SystemTap probes have been added to the ruby
    package. (BZ#673162)
    
    All users of ruby are advised to upgrade to these updated packages,
    which resolve these issues and add this enhancement."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-2705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2011-3009"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2011:1581"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-docs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-ri");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-static");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/12/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2011:1581";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"ruby-debuginfo-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"ruby-devel-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-docs-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-docs-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-docs-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-irb-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-irb-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-irb-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"ruby-libs-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-rdoc-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-rdoc-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-rdoc-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-ri-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-ri-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-ri-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-static-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-static-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-static-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"ruby-tcltk-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"ruby-tcltk-1.8.7.352-3.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby-tcltk-1.8.7.352-3.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-docs / ruby-irb / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-187P357-120126.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen2020-06-05
    modified2012-02-06
    plugin id57840
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57840
    titleSuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(57840);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705", "CVE-2011-3009", "CVE-2011-4815");
    
      script_name(english:"SuSE 11.1 Security Update : ruby (SAT Patch Number 5716)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of ruby provides 1.8.7p357, which contains many stability
    fixes and bug fixes while maintaining full compatibility with the
    previous version. A detailailed list of changes is available from
    http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog .
    
    The most important fixes are :
    
      - Hash functions are now using a randomized seed to avoid
        algorithmic complexity attacks. If available,
        OpenSSL::Random.seed at the SecureRandom.random_bytes is
        used to achieve this. (CVE-2011-4815)
    
      - mkconfig.rb: fix for continued lines.
    
      - Fix Infinity to be greater than any bignum number.
    
      - Initialize store->ex_data.sk.
    
      - Several IPv6 related fixes.
    
      - Fixes for zlib.
    
      - Reinitialize PRNG when forking children. (CVE-2011-2686
        / CVE-2011-3009)
    
      - Fixes to securerandom. (CVE-2011-2705)
    
      - Fix uri route_to
    
      - Fix race condition with variables and autoload."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=704409"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=739122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=740796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2686.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2705.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-3009.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-4815.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5716.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-tk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ruby-doc-html-1.8.7.p357-0.7.1")) flag++;
    if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ruby-tk-1.8.7.p357-0.7.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9374.NASL
    descriptionNew version 1.8.7p352 is released, fixing randomization process in forked process (CVE-2011-2686). Also ruby path is fixed to have no duplicate directories on all archs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55678
    published2011-07-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55678
    titleFedora 14 : ruby-1.8.7.352-1.fc14 (2011-9374)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-9374.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55678);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705");
      script_xref(name:"FEDORA", value:"2011-9374");
    
      script_name(english:"Fedora 14 : ruby-1.8.7.352-1.fc14 (2011-9374)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New version 1.8.7p352 is released, fixing randomization process in
    forked process (CVE-2011-2686). Also ruby path is fixed to have no
    duplicate directories on all archs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=722415"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?205c2490"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ruby package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"ruby-1.8.7.352-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-88.NASL
    descriptionThis update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900 like situations. CVE-2011-2705 Modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. Reported by Eric Wong. CVE-2011-4815 Fix a problem with predictable hash collisions resulting in denial of service (CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde. CVE-2014-8080 Fix REXML parser to prevent memory consumption denial of service via crafted XML documents. Reported by Willis Vandevanter. CVE-2014-8090 Add REXML::Document#document to complement the fix for CVE-2014-8080. Reported by Tomas Hoger. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82233
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82233
    titleDebian DLA-88-1 : ruby1.8 security update

Redhat

advisories
rhsa
idRHSA-2011:1581
rpms
  • ruby-0:1.8.7.352-3.el6
  • ruby-debuginfo-0:1.8.7.352-3.el6
  • ruby-devel-0:1.8.7.352-3.el6
  • ruby-docs-0:1.8.7.352-3.el6
  • ruby-irb-0:1.8.7.352-3.el6
  • ruby-libs-0:1.8.7.352-3.el6
  • ruby-rdoc-0:1.8.7.352-3.el6
  • ruby-ri-0:1.8.7.352-3.el6
  • ruby-static-0:1.8.7.352-3.el6
  • ruby-tcltk-0:1.8.7.352-3.el6