Vulnerabilities > CVE-2012-3424 - Improper Authentication vulnerability in Rubyonrails Rails and Ruby ON Rails
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Authentication Abuse An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
- Exploiting Trust in Client (aka Make the Client Invisible) An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Utilizing REST's Trust in the System Resource to Register Man in the Middle This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
- Man in the Middle Attack This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_AE2FA87C4BCA41388BE167CE2A19B3A8.NASL description There is a DoS vulnerability in Action Pack digest authentication handling in authenticate_or_request_with_http_digest. last seen 2020-06-01 modified 2020-06-02 plugin id 60134 published 2012-07-27 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60134 title FreeBSD : rubygem-actionpack -- Denial of Service (ae2fa87c-4bca-4138-8be1-67ce2a19b3a8) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(60134); script_version("1.4"); script_cvs_date("Date: 2018/11/10 11:49:43"); script_cve_id("CVE-2012-3424"); script_name(english:"FreeBSD : rubygem-actionpack -- Denial of Service (ae2fa87c-4bca-4138-8be1-67ce2a19b3a8)"); script_summary(english:"Checks for updated package in pkg_info output"); script_set_attribute( attribute:"synopsis", value:"The remote FreeBSD host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "There is a DoS vulnerability in Action Pack digest authentication handling in authenticate_or_request_with_http_digest." ); # https://groups.google.com/forum/?fromgroups#!topic/rubyonrails-security/vxJjrc15qYM script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?aeaacbd5" ); # https://vuxml.freebsd.org/freebsd/ae2fa87c-4bca-4138-8be1-67ce2a19b3a8.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9e64cf61" ); script_set_attribute(attribute:"solution", value:"Update the affected package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/26"); script_set_attribute(attribute:"patch_publication_date", value:"2012/07/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"rubygem-actionpack<3.2.7")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0154.NASL description Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request. (CVE-2013-0156) Red Hat is aware that a public exploit for the CVE-2013-0156 issues is available that allows remote code execution in applications using Ruby on Rails. Multiple input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2012-6496, CVE-2013-0155) Multiple input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694) Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack. (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) A flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424) Users are advised to upgrade to these updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages, which resolve these issues. Katello must be restarted ( last seen 2020-06-01 modified 2020-06-02 plugin id 64076 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64076 title RHEL 6 : Ruby on Rails in Subscription Asset Manager (RHSA-2013:0154) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0154. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(64076); script_version("1.21"); script_cvs_date("Date: 2019/10/24 15:35:36"); script_cve_id("CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-6496", "CVE-2013-0155", "CVE-2013-0156"); script_xref(name:"RHSA", value:"2013:0154"); script_name(english:"RHEL 6 : Ruby on Rails in Subscription Asset Manager (RHSA-2013:0154)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components. Active Record implements object-relational mapping for accessing database entries using objects. Active Support provides support and utility classes used by the Ruby on Rails framework. Multiple flaws were found in the way Ruby on Rails performed XML parameter parsing in HTTP requests. A remote attacker could use these flaws to execute arbitrary code with the privileges of a Ruby on Rails application, perform SQL injection attacks, or bypass the authentication using a specially-created HTTP request. (CVE-2013-0156) Red Hat is aware that a public exploit for the CVE-2013-0156 issues is available that allows remote code execution in applications using Ruby on Rails. Multiple input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2012-6496, CVE-2013-0155) Multiple input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694) Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack. (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) A flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424) Users are advised to upgrade to these updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages, which resolve these issues. Katello must be restarted ('service katello restart') for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0154" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2660" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2661" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2694" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2695" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3424" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3463" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3464" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3465" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-6496" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0155" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0156" ); # https://access.redhat.com/knowledge/solutions/290903 script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/solutions/290903" ); script_set_attribute( attribute:"solution", value: "Update the affected rubygem-actionpack, rubygem-activerecord and / or rubygem-activesupport packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Ruby on Rails XML Processor YAML Deserialization Code Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0154"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"candlepin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Subscription Asset Manager"); if (rpm_check(release:"RHEL6", reference:"rubygem-actionpack-3.0.10-11.el6cf")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-activerecord-3.0.10-8.el6cf")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-activesupport-3.0.10-5.el6cf")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionpack / rubygem-activerecord / rubygem-activesupport"); } }NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-536.NASL description Multiple version upgrades for rails components. last seen 2020-06-05 modified 2014-06-13 plugin id 74727 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74727 title openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2012-536. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(74727); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424"); script_name(english:"openSUSE Security Update : rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc (openSUSE-SU-2012:1066-1)"); script_summary(english:"Check for the openSUSE-2012-536 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value:"Multiple version upgrades for rails components." ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html" ); script_set_attribute( attribute:"solution", value:"Update the affected rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / rubygem-activemodel-3_2 / etc packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionmailer-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-actionpack-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activemodel-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activerecord-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activeresource-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-activesupport-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-journey-1_0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-journey-1_0-testsuite"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-rails-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-railties-3_2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:rubygem-sprockets-2_1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-actionmailer-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-actionpack-3_2-3.2.7-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-activemodel-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-activerecord-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-activeresource-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-activesupport-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-journey-1_0-1.0.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-journey-1_0-testsuite-1.0.4-3.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-rails-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-railties-3_2-3.2.7-2.4.1") ) flag++; if ( rpm_check(release:"SUSE12.2", reference:"rubygem-sprockets-2_1-2.1.3-3.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionmailer-3_2 / rubygem-actionpack-3_2 / etc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-11363.NASL description Fix for CVE-2012-3424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-08-10 plugin id 61476 published 2012-08-10 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61476 title Fedora 17 : rubygem-actionpack-3.0.11-6.fc17 (2012-11363) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-11363. # include("compat.inc"); if (description) { script_id(61476); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-3424"); script_bugtraq_id(54704); script_xref(name:"FEDORA", value:"2012-11363"); script_name(english:"Fedora 17 : rubygem-actionpack-3.0.11-6.fc17 (2012-11363)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for CVE-2012-3424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843711" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/084827.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?76cc1a2d" ); script_set_attribute( attribute:"solution", value:"Update the affected rubygem-actionpack package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"rubygem-actionpack-3.0.11-6.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionpack"); }NASL family Fedora Local Security Checks NASL id FEDORA_2012-11353.NASL description Fix for CVE-2012-3424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-08-10 plugin id 61474 published 2012-08-10 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/61474 title Fedora 16 : rubygem-actionpack-3.0.10-8.fc16 (2012-11353) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-11353. # include("compat.inc"); if (description) { script_id(61474); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-3424"); script_bugtraq_id(54704); script_xref(name:"FEDORA", value:"2012-11353"); script_name(english:"Fedora 16 : rubygem-actionpack-3.0.10-8.fc16 (2012-11353)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for CVE-2012-3424. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=843711" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/084854.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1747988e" ); script_set_attribute( attribute:"solution", value:"Update the affected rubygem-actionpack package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/08/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"rubygem-actionpack-3.0.10-8.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rubygem-actionpack"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0582.NASL description Red Hat OpenShift Enterprise 1.1.1 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system. For further information about this release, refer to the OpenShift Enterprise 1.1.1 Technical Notes, available shortly from https://access.redhat.com/knowledge/docs/ This update also fixes the following security issues : Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack. (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. (CVE-2012-4522) A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, a new, more collision resistant algorithm has been used to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-5371) Input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2013-0155) Input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694) A flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424) A flaw was found in the handling of strings in Ruby safe level 4. A remote attacker can use Exception#to_s to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified. (CVE-2012-4466) A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4464) It was found that ruby_parser from rubygem-ruby_parser created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to the application using ruby_parser. (CVE-2013-0162) The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat Regional IT team. Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1. last seen 2020-06-10 modified 2018-12-06 plugin id 119432 published 2018-12-06 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119432 title RHEL 6 : openshift (RHSA-2013:0582) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0582. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(119432); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/09"); script_cve_id("CVE-2012-2660", "CVE-2012-2661", "CVE-2012-2694", "CVE-2012-2695", "CVE-2012-3424", "CVE-2012-3463", "CVE-2012-3464", "CVE-2012-3465", "CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2012-5371", "CVE-2013-0155", "CVE-2013-0162", "CVE-2013-0276"); script_bugtraq_id(53753, 53754, 53970, 53976, 54704, 54957, 54958, 54959, 55757, 56115, 56484, 57192, 58110); script_xref(name:"RHSA", value:"2013:0582"); script_name(english:"RHEL 6 : openshift (RHSA-2013:0582)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Red Hat OpenShift Enterprise 1.1.1 is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenShift Enterprise is a cloud computing Platform-as-a-Service (PaaS) solution from Red Hat, and is designed for on-premise or private cloud deployments. Installing the updated packages and restarting the OpenShift services are the only requirements for this update. However, if you are updating your system to Red Hat Enterprise Linux 6.4 while applying OpenShift Enterprise 1.1.1 updates, it is recommended that you restart your system. For further information about this release, refer to the OpenShift Enterprise 1.1.1 Technical Notes, available shortly from https://access.redhat.com/knowledge/docs/ This update also fixes the following security issues : Multiple cross-site scripting (XSS) flaws were found in rubygem-actionpack. A remote attacker could use these flaws to conduct XSS attacks against users of an application using rubygem-actionpack. (CVE-2012-3463, CVE-2012-3464, CVE-2012-3465) It was found that certain methods did not sanitize file names before passing them to lower layer routines in Ruby. If a Ruby application created files with names based on untrusted input, it could result in the creation of files with different names than expected. (CVE-2012-4522) A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, a new, more collision resistant algorithm has been used to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-5371) Input validation vulnerabilities were discovered in rubygem-activerecord. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-activerecord. (CVE-2012-2661, CVE-2012-2695, CVE-2013-0155) Input validation vulnerabilities were discovered in rubygem-actionpack. A remote attacker could possibly use these flaws to perform a SQL injection attack against an application using rubygem-actionpack and rubygem-activerecord. (CVE-2012-2660, CVE-2012-2694) A flaw was found in the HTTP digest authentication implementation in rubygem-actionpack. A remote attacker could use this flaw to cause a denial of service of an application using rubygem-actionpack and digest authentication. (CVE-2012-3424) A flaw was found in the handling of strings in Ruby safe level 4. A remote attacker can use Exception#to_s to destructively modify an untainted string so that it is tainted, the string can then be arbitrarily modified. (CVE-2012-4466) A flaw was found in the method for translating an exception message into a string in the Ruby Exception class. A remote attacker could use this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted) code to modify arbitrary, trusted (untainted) strings, which safe level 4 restrictions would otherwise prevent. (CVE-2012-4464) It was found that ruby_parser from rubygem-ruby_parser created a temporary file in an insecure way. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to the application using ruby_parser. (CVE-2013-0162) The CVE-2013-0162 issue was discovered by Michael Scherer of the Red Hat Regional IT team. Users are advised to upgrade to Red Hat OpenShift Enterprise 1.1.1." ); # https://access.redhat.com/knowledge/docs/ script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-us/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0582" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2660" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3463" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3465" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3424" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2661" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2694" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-2695" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-3464" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4522" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0155" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4464" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-5371" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2012-4466" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0162" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-0276" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz-gd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:graphviz-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-broker-util"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-cron-1.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-diy-0.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-haproxy-1.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbosseap-6.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jbossews-1.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-1.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-jenkins-client-1.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-mysql-5.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-perl-5.10"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-php-5.3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-postgresql-8.4"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-cartridge-ruby-1.9-scl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-origin-msg-node-mcollective"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-imap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-ruby-tcltk"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-actionpack-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activemodel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-activerecord-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-bigdecimal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-io-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-minitest"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-railties-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rake"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-rdoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygem-ruby_parser-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby193-rubygems-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activemodel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-bson"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-mongo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-mongo-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-auth-remote-user"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-console-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-openshift-origin-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-ruby_parser-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/22"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0582"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-debuginfo-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-devel-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-doc-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-gd-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"graphviz-ruby-2.26.0-10.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-console-0.0.16-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-broker-1.0.11-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-broker-util-1.0.15-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-cron-1.4-1.0.3-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-diy-0.1-1.0.3-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-haproxy-1.4-1.0.4-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-jbosseap-6.0-1.0.4-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-jbossews-1.0-1.0.13-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-jenkins-1.4-1.0.2-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-jenkins-client-1.4-1.0.2-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-mysql-5.1-1.0.5-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-perl-5.10-1.0.3-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-php-5.3-1.0.5-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-postgresql-8.4-1.0.3-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-ruby-1.8-1.0.7-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-cartridge-ruby-1.9-scl-1.0.8-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"openshift-origin-msg-node-mcollective-1.0.3-1.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-bcmath-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-debuginfo-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-devel-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-imap-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-mbstring-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"php-process-5.3.3-22.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-debuginfo-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-devel-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-doc-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-ruby-irb-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-libs-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-ruby-tcltk-1.9.3.327-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-actionpack-3.2.8-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-actionpack-doc-3.2.8-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-activemodel-3.2.8-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-activemodel-doc-3.2.8-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-activerecord-3.2.8-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-activerecord-doc-3.2.8-3.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-rubygem-bigdecimal-1.1.0-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-rubygem-io-console-0.3-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-rubygem-json-1.5.4-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-minitest-2.5.1-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-railties-3.2.8-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-railties-doc-3.2.8-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-rake-0.9.2.2-25.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"ruby193-rubygem-rdoc-3.9.4-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-ruby_parser-2.3.1-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygem-ruby_parser-doc-2.3.1-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygems-1.8.23-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ruby193-rubygems-devel-1.8.23-25.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-actionpack-3.0.13-4.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-activemodel-3.0.13-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-activemodel-doc-3.0.13-3.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-activerecord-3.0.13-5.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-bson-1.8.1-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-mongo-1.8.1-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-mongo-doc-1.8.1-2.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-openshift-origin-auth-remote-user-1.0.5-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-openshift-origin-console-1.0.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-openshift-origin-console-doc-1.0.10-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-openshift-origin-controller-1.0.12-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-openshift-origin-node-1.0.11-1.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-ruby_parser-2.0.4-6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"rubygem-ruby_parser-doc-2.0.4-6.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "graphviz / graphviz-debuginfo / graphviz-devel / graphviz-doc / etc"); } }
Redhat
| advisories |
| ||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 54704 CVE ID: CVE-2012-3424 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 3.0.16、3.1.7、3.2.7之前版本在使用了"with_http_digest" 控制器助手方法的actionpack/lib/action_controller/metal/http_authentication.rb中存在错误,可被恶意用户利用造成拒绝服务。 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x 厂商补丁: Ruby on Rails ------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.rubyonrails.com/ |
| id | SSV:60303 |
| last seen | 2017-11-19 |
| modified | 2012-07-31 |
| published | 2012-07-31 |
| reporter | Root |
| title | Ruby on Rails 'authenticate_or_request_with_http_digest'方法拒绝服务漏洞 |