CVE-2013-4164 - Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ruby-Lang Ruby

CVSS 6.8 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, ruby-lang, CWE-119, nessus, metasploit

Summary

Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
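The two trigger paths named above (to_f and JSON.parse) both hand an untrusted decimal string to Ruby's float conversion, so one defence-in-depth measure for applications that cannot immediately upgrade is to bound the length of every numeric literal before it reaches the converter. The following is an added example, not code from the advisory or from Ruby itself; the 64-character limit and the helper names (safe_to_f, safe_json_parse, longest_numeric_literal) are assumptions chosen for illustration.

```ruby
require 'json'

# Assumed threshold (not from the advisory): an IEEE-754 double never needs more
# than a few dozen significant digits, so legitimate input stays far below this.
MAX_NUMERIC_LITERAL = 64

# A JSON/Ruby-style decimal float literal: optional sign, digits, optional
# fraction, optional exponent.
NUMERIC_LITERAL = /-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?/

class OversizedNumberError < ArgumentError; end

# Returns the longest numeric literal in +text+, ignoring digits that sit inside
# JSON string values: "123..." is data and is never converted to a float.
def longest_numeric_literal(text)
  stripped = text.gsub(/"(?:\\.|[^"\\])*"/, '""')
  stripped.scan(NUMERIC_LITERAL).max_by(&:length) || ''
end

# Pre-check a raw JSON document before JSON.parse sees it.
def safe_json_parse(text, limit: MAX_NUMERIC_LITERAL)
  longest = longest_numeric_literal(text)
  if longest.length > limit
    raise OversizedNumberError,
          "numeric literal of #{longest.length} chars exceeds limit of #{limit}"
  end
  JSON.parse(text)
end

# Pre-check a single untrusted string before it is converted to a Float.
# Float() is used instead of to_f so that junk raises rather than becoming 0.0.
def safe_to_f(str, limit: MAX_NUMERIC_LITERAL)
  s = str.strip
  if s.length > limit
    raise OversizedNumberError, "numeric string of #{s.length} chars exceeds limit of #{limit}"
  end
  Float(s)
end

# Constructed sample inputs: a normal document and one carrying an oversized
# numeric literal of the kind that must be rejected before parsing.
SAMPLE_OK  = '{"price": 19.99, "qty": 3, "id": "' + ('9' * 200) + '"}'
SAMPLE_BAD = '{"price": ' + ('1' * 300) + '.0}'

[SAMPLE_OK, SAMPLE_BAD].each do |doc|
  begin
    puts "accepted: #{safe_json_parse(doc).keys.inspect}"
  rescue OversizedNumberError => e
    puts "rejected: #{e.message}"
  end
end
```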

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Metasploit

description: When Ruby attempts to convert a string representation of a large floating point decimal number to its floating point equivalent, a heap-based buffer overflow can be triggered. This module has been tested successfully on a Ruby on Rails application using Ruby version 1.9.3-p448 with WebRick and Thin web servers, where the Rails application crashes with a segfault error. Other versions of Ruby are reported to be affected.
id: MSF:AUXILIARY/DOS/HTTP/RAILS_JSON_FLOAT_DOS
last seen: 2020-06-07
modified: 2017-07-24
published: 2013-11-22
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/dos/http/rails_json_float_dos.rb
title: Ruby on Rails JSON Processor Floating Point Heap Overflow DoS

Nessus

  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_RUBY_20140114.NASL
    description: The remote Solaris system is missing necessary patches to address security updates:
      - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. (CVE-2013-4164)
      - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. (CVE-2013-4287)
      - Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287. (CVE-2013-4363)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80757
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80757
    title: Oracle Solaris Third-Party Patch Update : ruby (multiple_vulnerabilities_in_ruby1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80757);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2013-4164", "CVE-2013-4287", "CVE-2013-4363");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : ruby (multiple_vulnerabilities_in_ruby1)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - Heap-based buffer overflow in Ruby 1.8, 1.9 before
        1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0
        preview2, and trunk before revision 43780 allows
        context-dependent attackers to cause a denial of service
        (segmentation fault) and possibly execute arbitrary code
        via a string that is converted to a floating point
        value, as demonstrated using (1) the to_f method or (2)
        JSON.parse. (CVE-2013-4164)
    
      - Algorithmic complexity vulnerability in
        Gem::Version::VERSION_PATTERN in lib/
        rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24
        through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before
        2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows
        remote attackers to cause a denial of service (CPU
        consumption) via a crafted gem version that triggers a
        large amount of backtracking in a regular expression.
        (CVE-2013-4287)
    
      - Algorithmic complexity vulnerability in
        Gem::Version::ANCHORED_VERSION_PATTERN in
        lib/rubygems/version.rb in RubyGems before 1.8.23.2,
        1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x
        before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247,
        allows remote attackers to cause a denial of service
        (CPU consumption) via a crafted gem version that
        triggers a large amount of backtracking in a regular
        expression. NOTE: this issue is due to an incomplete fix
        for CVE-2013-4287. (CVE-2013-4363)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      # https://blogs.oracle.com/sunsecurity/multiple-vulnerabilities-in-ruby
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cee1e109"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.15.4.0.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:ruby");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^ruby$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.1.15.0.4.0", sru:"SRU 11.1.15.4.0") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : ruby\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "ruby");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2810.NASL
    description: Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
    last seen: 2020-03-17
    modified: 2013-12-05
    plugin id: 71221
    published: 2013-12-05
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71221
    title: Debian DSA-2810-1 : ruby1.9.1 - heap overflow
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2810. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71221);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4164");
      script_bugtraq_id(63873);
      script_xref(name:"DSA", value:"2810");
    
      script_name(english:"Debian DSA-2810-1 : ruby1.9.1 - heap overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Charlie Somerville discovered that Ruby incorrectly handled floating
    point number conversion. If an application using Ruby accepted
    untrusted input strings and converted them to floating point numbers,
    an attacker able to provide such input could cause the application to
    crash or, possibly, execute arbitrary code with the privileges of the
    application."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/ruby1.9.1"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2810"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the ruby1.9.1 packages.
    
    For the oldstable distribution (squeeze), this problem has been fixed
    in version 1.9.2.0-2+deb6u2.
    
    For the stable distribution (wheezy), this problem has been fixed in
    version 1.9.3.194-8.1+deb7u2."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ruby1.9.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"ruby1.9.1", reference:"1.9.2.0-2+deb6u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libruby1.9.1", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libruby1.9.1-dbg", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"libtcltk-ruby1.9.1", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ri1.9.1", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ruby1.9.1", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ruby1.9.1-dev", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ruby1.9.1-examples", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ruby1.9.1-full", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    if (deb_check(release:"7.0", prefix:"ruby1.9.3", reference:"1.9.3.194-8.1+deb7u2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_RUBY_20140731.NASL
    description: The remote Solaris system is missing necessary patches to address security updates:
      - Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse. (CVE-2013-4164)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80758
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80758
    title: Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the Oracle Third Party software advisories.
    #
    include("compat.inc");
    
    if (description)
    {
      script_id(80758);
      script_version("1.2");
      script_cvs_date("Date: 2018/11/15 20:50:25");
    
      script_cve_id("CVE-2013-4164");
    
      script_name(english:"Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4164_buffer_errors)");
      script_summary(english:"Check for the 'entire' version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Solaris system is missing a security patch for third-party
    software."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Solaris system is missing necessary patches to address
    security updates :
    
      - Heap-based buffer overflow in Ruby 1.8, 1.9 before
        1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0
        preview2, and trunk before revision 43780 allows
        context-dependent attackers to cause a denial of service
        (segmentation fault) and possibly execute arbitrary code
        via a string that is converted to a floating point
        value, as demonstrated using (1) the to_f method or (2)
        JSON.parse. (CVE-2013-4164)"
      );
      # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a913f44"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://blogs.oracle.com/sunsecurity/cve-2013-4164-buffer-errors-vulnerability-in-ruby"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.2.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:ruby");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Solaris Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Solaris11/release");
    if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11");
    pkg_list = solaris_pkg_list_leaves();
    if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages");
    
    if (empty_or_null(egrep(string:pkg_list, pattern:"^ruby$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    
    flag = 0;
    
    if (solaris_check_release(release:"0.5.11-0.175.2.0.0.0.0", sru:"11.2 SRU 0") > 0) flag++;
    
    if (flag)
    {
      error_extra = 'Affected package : ruby\n' + solaris_get_report2();
      error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra);
      if (report_verbosity > 0) security_warning(port:0, extra:error_extra);
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_PACKAGE_NOT_AFFECTED, "ruby");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_RUBY-131125.NASL
    description: The following security issue has been fixed:
      - heap overflow in float point parsing. (CVE-2013-4164)
    last seen: 2020-06-05
    modified: 2013-12-05
    plugin id: 71226
    published: 2013-12-05
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71226
    title: SuSE 11.2 / 11.3 Security Update : ruby (SAT Patch Numbers 8578 / 8579)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71226);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2009-0689", "CVE-2013-4164");
    
      script_name(english:"SuSE 11.2 / 11.3 Security Update : ruby (SAT Patch Numbers 8578 / 8579)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The following security issue has been fixed :
    
      - heap overflow in float point parsing. (CVE-2013-4164)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2009-0689.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4164.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8578 / 8579 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ruby-tk");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"ruby-doc-html-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"ruby-tk-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"ruby-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"ruby-doc-html-1.8.7.p357-0.9.13.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"ruby-tk-1.8.7.p357-0.9.13.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1428.NASL
    description: According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities:
      - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. (CVE-2012-4466)
      - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. (CVE-2014-8090)
      - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. (CVE-2013-4287)
      - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. (CVE-2014-8080)
      - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a
    last seen: 2020-03-17
    modified: 2019-05-14
    plugin id: 124931
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124931
    title: EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124931);
      script_version("1.19");
      script_cvs_date("$Date$");
    
      script_cve_id(
        "CVE-2012-4464",
        "CVE-2012-4466",
        "CVE-2012-4522",
        "CVE-2012-5371",
        "CVE-2013-2065",
        "CVE-2013-4073",
        "CVE-2013-4164",
        "CVE-2013-4287",
        "CVE-2013-4363",
        "CVE-2014-4975",
        "CVE-2014-8080",
        "CVE-2014-8090",
        "CVE-2018-16395",
        "CVE-2018-16396",
        "CVE-2018-8780"
      );
      script_bugtraq_id(
        55757,
        56115,
        56484,
        59881,
        60843,
        62281,
        62442,
        63873,
        68474,
        70935,
        71230
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ruby packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - Ruby 1.8.7 before patchlevel 371, 1.9.3 before
        patchlevel 286, and 2.0 before revision r37068 allows
        context-dependent attackers to bypass safe-level
        restrictions and modify untainted strings via the
        name_err_mesg_to_str API function, which marks the
        string as tainted, a different vulnerability than
        CVE-2011-1005.(CVE-2012-4466)
    
      - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel
        551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x
        before 2.1.5 allows remote attackers to cause a denial
        of service (CPU and memory consumption) a crafted XML
        document containing an empty string in an entity that
        is used in a large number of nested entity references,
        aka an XML Entity Expansion (XEE) attack. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090)
    
      - Algorithmic complexity vulnerability in
        Gem::Version::VERSION_PATTERN in
        lib/rubygems/version.rb in RubyGems before 1.8.23.1,
        1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x
        before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247,
        allows remote attackers to cause a denial of service
        (CPU consumption) via a crafted gem version that
        triggers a large amount of backtracking in a regular
        expression.(CVE-2013-4287)
    
      - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x
        before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote
        attackers to cause a denial of service (memory
        consumption) via a crafted XML document, aka an XML
        Entity Expansion (XEE) attack.(CVE-2014-8080)
    
      - The OpenSSL::SSL.verify_certificate_identity function
        in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374,
        1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does
        not properly handle a '\\0' character in a domain name
        in the Subject Alternative Name field of an X.509
        certificate, which allows man-in-the-middle attackers
        to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification
        Authority, a related issue to
        CVE-2009-2408.(CVE-2013-4073)
    
      - The rb_get_path_check function in file.c in Ruby 1.9.3
        before patchlevel 286 and Ruby 2.0.0 before r37163
        allows context-dependent attackers to create files in
        unexpected locations or with unexpected names via a NUL
        byte in a file path.(CVE-2012-4522)
    
      - (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3
        patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do
        not perform taint checking for native functions, which
        allows context-dependent attackers to bypass intended
        $SAFE level restrictions.(CVE-2013-2065)
    
      - Algorithmic complexity vulnerability in
        Gem::Version::ANCHORED_VERSION_PATTERN in
        lib/rubygems/version.rb in RubyGems before 1.8.23.2,
        1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x
        before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247,
        allows remote attackers to cause a denial of service
        (CPU consumption) via a crafted gem version that
        triggers a large amount of backtracking in a regular
        expression. NOTE: this issue is due to an incomplete
        fix for CVE-2013-4287.(CVE-2013-4363)
    
      - Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before
        r37575 computes hash values without properly
        restricting the ability to trigger hash collisions
        predictably, which allows context-dependent attackers
        to cause a denial of service (CPU consumption) via
        crafted input to an application that maintains a hash
        table, as demonstrated by a universal multicollision
        attack against a variant of the MurmurHash2 algorithm,
        a different vulnerability than
        CVE-2011-4815.(CVE-2012-5371)
    
      - Off-by-one error in the encodes function in pack.c in
        Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when
        using certain format string specifiers, allows
        context-dependent attackers to cause a denial of
        service (segmentation fault) via vectors that trigger a
        stack-based buffer overflow.(CVE-2014-4975)
    
      - Heap-based buffer overflow in Ruby 1.8, 1.9 before
        1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0
        preview2, and trunk before revision 43780 allows
        context-dependent attackers to cause a denial of
        service (segmentation fault) and possibly execute
        arbitrary code via a string that is converted to a
        floating point value, as demonstrated using (1) the
        to_f method or (2) JSON.parse.(CVE-2013-4164)
    
      - It was found that the methods from the Dir class did
        not properly handle strings containing the NULL byte.
        An attacker, able to inject NULL bytes in a path, could
        possibly trigger an unspecified behavior of the ruby
        script.(CVE-2018-8780)
    
      - Ruby 1.9.3 before patchlevel 286 and 2.0 before
        revision r37068 allows context-dependent attackers to
        bypass safe-level restrictions and modify untainted
        strings via the (1) exc_to_s or (2) name_err_to_s API
        function, which marks the string as tainted, a
        different vulnerability than CVE-2012-4466. NOTE: this
        issue might exist because of a CVE-2011-1005
        regression.(CVE-2012-4464)
    
      - An issue was discovered in the OpenSSL library in Ruby
        before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2,
        and 2.6.x before 2.6.0-preview3. When two
        OpenSSL::X509::Name objects are compared using ==,
        depending on the ordering, non-equal objects may return
        true. When the first argument is one character longer
        than the second, or the second argument contains a
        character that is one less than a character in the same
        position of the first argument, the result of == will
        be true. This could be leveraged to create an
        illegitimate certificate that may be accepted as
        legitimate and then used in signing or encryption
        operations.(CVE-2018-16395)
    
      - An issue was discovered in Ruby before 2.3.8, 2.4.x
        before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before
        2.6.0-preview3. It does not taint strings that result
        from unpacking tainted strings with some
        formats.(CVE-2018-16396)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1428
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81cbe7ae");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-8780");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ruby-2.0.0.648-33.h12",
            "ruby-irb-2.0.0.648-33.h12",
            "ruby-libs-2.0.0.648-33.h12",
            "rubygem-bigdecimal-1.2.0-33.h12",
            "rubygem-io-console-0.4.2-33.h12",
            "rubygem-json-1.7.7-33.h12",
            "rubygem-psych-2.0.0-33.h12",
            "rubygem-rdoc-4.0.0-33.h12",
            "rubygems-2.0.14.1-33.h12"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-940.NASL
    description: The following security issue was fixed in ruby19 :
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75221
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75221
    title: openSUSE Security Update : ruby19 (openSUSE-SU-2013:1835-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1767.NASL
    description: Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2, 6.3, and 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164) All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78982
    published: 2014-11-08
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78982
    title: RHEL 6 : ruby (RHSA-2013:1767)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-943.NASL
    description: the following security issue was fixed in ruby20 : - fix CVE-2013-4164: heap overflow in float point parsing (bnc#851803) The file CVE-2013-4164.patch contains the patch
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75224
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75224
    title: openSUSE Security Update : ruby20 (openSUSE-SU-2013:1834-1)
  • NASL family: Slackware Local Security Checks
    NASL id: SLACKWARE_SSA_2013-350-06.NASL
    description: New ruby packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71472
    published: 2013-12-17
    reporter: This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71472
    title: Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : ruby (SSA:2013-350-06)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_CC9043CF7F7A426EB2CC8D1980618113.NASL
    description: Ruby developers report : Any time a string is converted to a floating point value, a specially crafted string can cause a heap overflow. This can lead to a denial of service attack via segmentation faults and possibly arbitrary code execution. Any program that converts input of unknown origin to floating point values (especially common when accepting JSON) are vulnerable.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71072
    published: 2013-11-25
    reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71072
    title: FreeBSD : ruby -- Heap Overflow in Floating Point Parsing (cc9043cf-7f7a-426e-b2cc-8d1980618113)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-1764.NASL
    description: From Red Hat Security Advisory 2013:1764 : Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164) All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71131
    published: 2013-11-29
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71131
    title: Oracle Linux 6 : ruby (ELSA-2013-1764)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22423.NASL
    description: Update to Ruby 2.0.0-p353. This includes fix to an overflow in floating point number parsing found in Ruby currently being shipped on Fedora 20. This vulnerability has been assigned the CVE identifier CVE-2013-4164. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-04
    plugin id: 71184
    published: 2013-12-04
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71184
    title: Fedora 19 : ruby-2.0.0.353-16.fc19 (2013-22423)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SERVER_4_0.NASL
    description: The remote Mac OS X host has a version of OS X Server installed that is prior to version 4.0. It is, therefore, affected by the following vulnerabilities : - There are multiple vulnerabilities within the included BIND, the most serious of which can lead to a denial of service. (CVE-2013-3919, CVE-2013-4854, CVE-2014-0591) - There are multiple vulnerabilities within the included LibYAML for the Profile Manager and ServerRuby, the most serious of which can lead to arbitrary code execution. (CVE-2013-4164, CVE-2013-6393) - There are multiple vulnerabilities within the included PostgreSQL, the most serious of which can lead to arbitrary code execution. (CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066) - An error exists related to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A man-in-the-middle attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. This is also known as the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78601
    published: 2014-10-21
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78601
    title: Mac OS X : OS X Server < 4.0 Multiple Vulnerabilities (POODLE)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22315.NASL
    description: An overflow in floating point number parsing was found in Ruby currently being shipped on Fedora 19. This vulnerability has been assigned the CVE identifier CVE-2013-4164. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-11
    plugin id: 71328
    published: 2013-12-11
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71328
    title: Fedora 18 : ruby-1.9.3.484-32.fc18 (2013-22315)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2809.NASL
    description: Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all host memory. - CVE-2013-4073 William (B.J.) Snow Orvis discovered a vulnerability in the hostname checking in Ruby
    last seen: 2020-03-17
    modified: 2013-12-05
    plugin id: 71220
    published: 2013-12-05
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71220
    title: Debian DSA-2809-1 : ruby1.8 - several vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-1764.NASL
    description: Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164) All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71093
    published: 2013-11-26
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71093
    title: RHEL 6 : ruby (RHSA-2013:1764)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-286.NASL
    description: A vulnerability was found and corrected in ruby : Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse (CVE-2013-4164). The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71100
    published: 2013-11-27
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71100
    title: Mandriva Linux Security Advisory : ruby (MDVSA-2013:286)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SECUPD2014-002.NASL
    description: The remote host is running a version of Mac OS X 10.7, 10.8, or 10.9 that does not have Security Update 2014-002 applied. This update contains several security-related fixes for the following components : - CFNetwork HTTPProtocl - CoreServicesUIAgent - FontParser - Heimdal Kerberos - ImageIO - Intel Graphics Driver - IOKit Kernel - Kernel - Power Management - Ruby - Security - Secure Transport - Window Server Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73648
    published: 2014-04-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/73648
    title: Mac OS X Multiple Vulnerabilities (Security Update 2014-002)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22393.NASL
    description: Update to Ruby 2.0.0-p353. This includes fix to an overflow in floating point number parsing found in Ruby currently being shipped on Fedora 20. This vulnerability has been assigned the CVE identifier CVE-2013-4164. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-12-14
    plugin id: 71410
    published: 2013-12-14
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71410
    title: Fedora 20 : ruby-2.0.0.353-16.fc20 (2013-22393)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2013-248.NASL
    description: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71079
    published: 2013-11-26
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71079
    title: Amazon Linux AMI : ruby (ALAS-2013-248)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2013-247.NASL
    description: Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71078
    published: 2013-11-26
    reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/71078
    title: Amazon Linux AMI : ruby19 (ALAS-2013-247)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201412-27.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201412-27 (Ruby: Denial of Service) Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79980
    published: 2014-12-15
    reporter: This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79980
    title: GLSA-201412-27 : Ruby: Denial of Service
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20131125_RUBY_ON_SL6_X.NASL
    description: A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164)
    last seen: 2020-03-18
    modified: 2013-12-04
    plugin id: 71202
    published: 2013-12-04
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71202
    title: Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20131125)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-1764.NASL
    description: Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A buffer overflow flaw was found in the way Ruby parsed floating point numbers from their text representation. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2013-4164) All ruby users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79176
    published: 2014-11-12
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79176
    title: CentOS 6 : ruby (CESA-2013:1764)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2035-1.NASL
    description: Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. An attacker could possibly use this issue with an application that converts text to floating point numbers to cause the application to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-4164) Vit Ondruch discovered that Ruby did not perform taint checking for certain functions. An attacker could possibly use this issue to bypass certain intended restrictions. (CVE-2013-2065). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71139
    published: 2013-11-29
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71139
    title: Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : ruby1.8, ruby1.9.1 vulnerabilities (USN-2035-1)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SERVER_3_1_2.NASL
    description: The remote Mac OS X 10.9 host has a version of OS X Server installed that is prior to 3.1.2. It is, therefore, affected by a heap-based buffer overflow vulnerability in the Ruby component that occurs when converting a string to a floating point value. A remote attacker can exploit this, via a specially crafted request to Profile Manager or to a Ruby script, to cause a denial of service condition or the execution of arbitrary code.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74124
    published: 2014-05-21
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74124
    title: Mac OS X : OS X Server < 3.1.2 Heap-Based Buffer Overflow
  • NASL family: CGI abuses
    NASL id: PUPPET_ENTERPRISE_311.NASL
    description: According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.1.1. As a result, it is reportedly affected by multiple vulnerabilities : - An input validation error exists related to the included Ruby version, handling string to floating point conversions that could allow denial of service attacks or arbitrary code execution. (CVE-2013-4164) - An error exists related to the included RubyGems version and
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73132
    published: 2014-03-21
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73132
    title: Puppet Enterprise 3.x < 3.1.1 Multiple Vulnerabilities

Redhat

advisories
  • bugzilla
    id1033460
    titleCVE-2013-4164 ruby: heap overflow in floating point parsing
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentruby is earlier than 0:1.8.7.352-13.el6
            ovaloval:com.redhat.rhsa:tst:20131764001
          • comment: ruby is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20193384030
        • AND
          • comment: ruby-devel is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764003
          • comment: ruby-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20193384026
        • AND
          • comment: ruby-libs is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764005
          • comment: ruby-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20193384024
        • AND
          • comment: ruby-irb is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764007
          • comment: ruby-irb is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhba:tst:20193384070
        • AND
          • comment: ruby-rdoc is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764009
          • comment: ruby-rdoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910004
        • AND
          • comment: ruby-tcltk is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764011
          • comment: ruby-tcltk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910008
        • AND
          • comment: ruby-docs is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764013
          • comment: ruby-docs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910016
        • AND
          • comment: ruby-static is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764015
          • comment: ruby-static is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910002
        • AND
          • comment: ruby-ri is earlier than 0:1.8.7.352-13.el6
            oval: oval:com.redhat.rhsa:tst:20131764017
          • comment: ruby-ri is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910012
    rhsa
    id: RHSA-2013:1764
    released: 2013-11-25
    severity: Critical
    title: RHSA-2013:1764: ruby security update (Critical)
  • rhsa
    id: RHSA-2013:1763
  • rhsa
    id: RHSA-2013:1767
  • rhsa
    id: RHSA-2014:0011
  • rhsa
    id: RHSA-2014:0215
rpms
  • ruby193-ruby-0:1.9.3.448-40.1.el6
  • ruby193-ruby-debuginfo-0:1.9.3.448-40.1.el6
  • ruby193-ruby-devel-0:1.9.3.448-40.1.el6
  • ruby193-ruby-doc-0:1.9.3.448-40.1.el6
  • ruby193-ruby-irb-0:1.9.3.448-40.1.el6
  • ruby193-ruby-libs-0:1.9.3.448-40.1.el6
  • ruby193-ruby-tcltk-0:1.9.3.448-40.1.el6
  • ruby193-rubygem-bigdecimal-0:1.1.0-40.1.el6
  • ruby193-rubygem-io-console-0:0.3-40.1.el6
  • ruby193-rubygem-json-0:1.5.5-40.1.el6
  • ruby193-rubygem-minitest-0:2.5.1-40.1.el6
  • ruby193-rubygem-rake-0:0.9.2.2-40.1.el6
  • ruby193-rubygem-rdoc-0:3.9.5-40.1.el6
  • ruby193-rubygems-0:1.8.23-40.1.el6
  • ruby193-rubygems-devel-0:1.8.23-40.1.el6
  • ruby-0:1.8.7.352-13.el6
  • ruby-debuginfo-0:1.8.7.352-13.el6
  • ruby-devel-0:1.8.7.352-13.el6
  • ruby-docs-0:1.8.7.352-13.el6
  • ruby-irb-0:1.8.7.352-13.el6
  • ruby-libs-0:1.8.7.352-13.el6
  • ruby-rdoc-0:1.8.7.352-13.el6
  • ruby-ri-0:1.8.7.352-13.el6
  • ruby-static-0:1.8.7.352-13.el6
  • ruby-tcltk-0:1.8.7.352-13.el6
  • ruby-0:1.8.7.352-13.el6_2
  • ruby-0:1.8.7.352-13.el6_3
  • ruby-0:1.8.7.352-13.el6_4
  • ruby-debuginfo-0:1.8.7.352-13.el6_2
  • ruby-debuginfo-0:1.8.7.352-13.el6_3
  • ruby-debuginfo-0:1.8.7.352-13.el6_4
  • ruby-devel-0:1.8.7.352-13.el6_2
  • ruby-devel-0:1.8.7.352-13.el6_3
  • ruby-devel-0:1.8.7.352-13.el6_4
  • ruby-docs-0:1.8.7.352-13.el6_2
  • ruby-docs-0:1.8.7.352-13.el6_3
  • ruby-docs-0:1.8.7.352-13.el6_4
  • ruby-irb-0:1.8.7.352-13.el6_2
  • ruby-irb-0:1.8.7.352-13.el6_3
  • ruby-irb-0:1.8.7.352-13.el6_4
  • ruby-libs-0:1.8.7.352-13.el6_2
  • ruby-libs-0:1.8.7.352-13.el6_3
  • ruby-libs-0:1.8.7.352-13.el6_4
  • ruby-rdoc-0:1.8.7.352-13.el6_2
  • ruby-rdoc-0:1.8.7.352-13.el6_3
  • ruby-rdoc-0:1.8.7.352-13.el6_4
  • ruby-ri-0:1.8.7.352-13.el6_2
  • ruby-ri-0:1.8.7.352-13.el6_3
  • ruby-ri-0:1.8.7.352-13.el6_4
  • ruby-static-0:1.8.7.352-13.el6_2
  • ruby-static-0:1.8.7.352-13.el6_3
  • ruby-static-0:1.8.7.352-13.el6_4
  • ruby-tcltk-0:1.8.7.352-13.el6_2
  • ruby-tcltk-0:1.8.7.352-13.el6_3
  • ruby-tcltk-0:1.8.7.352-13.el6_4
  • cfme-0:5.2.2.3-1.el6cf
  • cfme-appliance-0:5.2.2.3-1.el6cf
  • cfme-debuginfo-0:5.2.2.3-1.el6cf
  • cfme-lib-0:5.2.2.3-1.el6cf
  • mingw32-cfme-host-0:5.2.2.3-1.el6cf
  • ruby193-rubygem-actionpack-1:3.2.13-5.el6cf
  • ruby193-rubygem-amq-protocol-0:1.9.2-3.el6cf
  • ruby193-rubygem-amq-protocol-doc-0:1.9.2-3.el6cf
  • ruby193-rubygem-bunny-0:1.0.7-1.el6cf
  • ruby193-rubygem-bunny-doc-0:1.0.7-1.el6cf
  • ruby193-rubygem-excon-0:0.31.0-1.el6cf
  • ruby193-rubygem-fog-0:1.19.0-1.el6cf
  • ruby193-rubygem-linux_admin-0:0.7.0-1.el6cf
  • ruby193-rubygem-more_core_extensions-0:1.1.2-1.el6cf
  • ruby193-rubygem-nokogiri-0:1.5.6-3.el6cf
  • ruby193-rubygem-nokogiri-debuginfo-0:1.5.6-3.el6cf