CVE-2014-4975 - Buffer Errors vulnerability in Ruby-Lang Ruby

CVSS 5.0 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: NONE
  • Availability impact: NONE

Tags: network, low complexity, ruby-lang, redhat, debian, canonical, CWE-119, nessus

Summary

Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.

Vulnerable Configurations

Part         Description  Count
Application  Ruby-Lang    888
OS           Redhat       4
OS           Debian       2
OS           Canonical    3

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2017-1067-1.NASL
    description: This ruby2.1 update to version 2.1.9 fixes the following issues: Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99578
    published: 2017-04-21
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99578
    title: SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:1067-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99578);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:15");
    
      script_cve_id("CVE-2014-4975", "CVE-2015-1855", "CVE-2015-3900", "CVE-2015-7551", "CVE-2016-2339");
      script_bugtraq_id(68474, 74446, 75482);
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : ruby2.1 (SUSE-SU-2017:1067-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This ruby2.1 update to version 2.1.9 fixes the following issues:
    Security issues fixed :
    
      - CVE-2016-2339: heap overflow vulnerability in the
        Fiddle::Function.new'initialize' (bsc#1018808)
    
      - CVE-2015-7551: Unsafe tainted string usage in Fiddle and
        DL (bsc#959495)
    
      - CVE-2015-3900: hostname validation does not work when
        fetching gems or making API requests (bsc#936032)
    
      - CVE-2015-1855: Ruby'a OpenSSL extension suffers a
        vulnerability through overly permissive matching of
        hostnames (bsc#926974)
    
      - CVE-2014-4975: off-by-one stack-based buffer overflow in
        the encodes() function (bsc#887877) Bugfixes :
    
      - SUSEconnect doesn't handle domain wildcards in no_proxy
        environment variable properly (bsc#1014863)
    
      - Segmentation fault after pack & ioctl & unpack
        (bsc#909695)
    
      - Ruby:HTTP Header injection in 'net/http' (bsc#986630)
        ChangeLog :
    
    - http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://svn.ruby-lang.org/repos/ruby/tags/v2_1_9/ChangeLog"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1018808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=887877"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=926974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=936032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=959495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986630"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4975/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1855/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-3900/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-7551/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2339/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20171067-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b050ba23"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-624=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t
    patch SUSE-SLE-SDK-12-SP1-2017-624=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-624=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-624=1
    
    SUSE Linux Enterprise Server 12-SP1:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-624=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-624=1
    
    SUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP1-2017-624=1
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-624=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libruby2_1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libruby2_1-2_1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ruby2.1");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ruby2.1-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ruby2.1-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ruby2.1-stdlib-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(1|2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP1/2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libruby2_1-2_1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libruby2_1-2_1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"ruby2.1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"ruby2.1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"ruby2.1-debugsource-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"ruby2.1-stdlib-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"ruby2.1-stdlib-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libruby2_1-2_1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libruby2_1-2_1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"ruby2.1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"ruby2.1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"ruby2.1-debugsource-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"ruby2.1-stdlib-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"ruby2.1-stdlib-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libruby2_1-2_1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"libruby2_1-2_1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ruby2.1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ruby2.1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ruby2.1-debugsource-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ruby2.1-stdlib-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"1", cpu:"x86_64", reference:"ruby2.1-stdlib-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libruby2_1-2_1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"libruby2_1-2_1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ruby2.1-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ruby2.1-debuginfo-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ruby2.1-debugsource-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ruby2.1-stdlib-2.1.9-15.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"ruby2.1-stdlib-debuginfo-2.1.9-15.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby2.1");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1912.NASL
    description: Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79596
    published: 2014-11-27
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79596
    title: RHEL 7 : ruby (RHSA-2014:1912)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1912. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79596);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2014-4975", "CVE-2014-8080", "CVE-2014-8090");
      script_bugtraq_id(68474, 70935, 71230);
      script_xref(name:"RHSA", value:"2014:1912");
    
      script_name(english:"RHEL 7 : ruby (RHSA-2014:1912)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated ruby packages that fix three security issues are now available
    for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Moderate
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    Ruby is an extensible, interpreted, object-oriented, scripting
    language. It has features to process text files and to perform system
    management tasks.
    
    Multiple denial of service flaws were found in the way the Ruby REXML
    XML parser performed expansion of parameter entities. A specially
    crafted XML document could cause REXML to use an excessive amount of
    CPU and memory. (CVE-2014-8080, CVE-2014-8090)
    
    A stack-based buffer overflow was found in the implementation of the
    Ruby Array pack() method. When performing base64 encoding, a single
    byte could be written past the end of the buffer, possibly causing
    Ruby to crash. (CVE-2014-4975)
    
    The CVE-2014-8090 issue was discovered by Red Hat Product Security.
    
    All ruby users are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues. All running
    instances of Ruby need to be restarted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8090"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-psych");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rake");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1912";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ruby-debuginfo-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-devel-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-devel-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ruby-doc-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ruby-irb-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"ruby-libs-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-tcltk-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-tcltk-2.0.0.353-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-bigdecimal-1.2.0-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-bigdecimal-1.2.0-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-io-console-0.4.2-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-io-console-0.4.2-22.el7_0")) flag++;
    
      if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-json-1.7.7-22.el7_0")) flag++;
    
      if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-json-1.7.7-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"rubygem-minitest-4.3.2-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-psych-2.0.0-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-psych-2.0.0-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"rubygem-rake-0.9.6-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"rubygem-rdoc-4.0.0-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"rubygems-2.0.14-22.el7_0")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"rubygems-devel-2.0.14-22.el7_0")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc");
      }
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1374.NASL
    description: According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. (CVE-2014-8080) - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. (CVE-2014-8090) - Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. (CVE-2014-4975) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-10
    modified: 2018-11-21
    plugin id: 119065
    published: 2018-11-21
    reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/119065
    title: EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1374)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(119065);
      script_version("1.34");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/21");
    
      script_cve_id(
        "CVE-2014-4975",
        "CVE-2014-8080",
        "CVE-2014-8090"
      );
      script_bugtraq_id(
        68474,
        70935,
        71230
      );
    
      script_name(english:"EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1374)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the ruby packages installed, the EulerOS
    Virtualization installation on the remote host is affected by the
    following vulnerabilities :
    
      - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x
        before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote
        attackers to cause a denial of service (memory
        consumption) via a crafted XML document, aka an XML
        Entity Expansion (XEE) attack.i1/4^CVE-2014-8080i1/4%0
    
      - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel
        551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x
        before 2.1.5 allows remote attackers to cause a denial
        of service (CPU and memory consumption) a crafted XML
        document containing an empty string in an entity that
        is used in a large number of nested entity references,
        aka an XML Entity Expansion (XEE) attack. NOTE: this
        vulnerability exists because of an incomplete fix for
        CVE-2013-1821 and CVE-2014-8080.i1/4^CVE-2014-8090i1/4%0
    
      - Off-by-one error in the encodes function in pack.c in
        Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when
        using certain format string specifiers, allows
        context-dependent attackers to cause a denial of
        service (segmentation fault) via vectors that trigger a
        stack-based buffer overflow.(CVE-2014-4975)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1374
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?688a1521");
      script_set_attribute(attribute:"solution", value:
    "Update the affected ruby packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.1");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.1");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["ruby-2.0.0.353-23.h9",
            "ruby-irb-2.0.0.353-23.h9",
            "ruby-libs-2.0.0.353-23.h9",
            "rubygem-bigdecimal-1.2.0-23.h9",
            "rubygem-io-console-0.4.2-23.h9",
            "rubygem-json-1.7.7-23.h9",
            "rubygem-psych-2.0.0-23.h9",
            "rubygem-rdoc-4.0.0-23.h9",
            "rubygems-2.0.14-23.h9"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2397-1.NASL
    description: Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. (CVE-2014-8080). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78869
    published: 2014-11-05
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78869
    title: Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerabilities (USN-2397-1)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1428.NASL
    description: According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.(CVE-2012-4466) - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090) - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.(CVE-2013-4287) - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a
    last seen: 2020-03-17
    modified: 2019-05-14
    plugin id: 124931
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124931
    title: EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1912.NASL
    description: Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79643
    published: 2014-12-02
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79643
    title: CentOS 7 : ruby (CESA-2014:1912)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2015-129.NASL
    description: Updated ruby packages fix security vulnerabilities : Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8080). Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82382
    published: 2015-03-30
    reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82382
    title: Mandriva Linux Security Advisory : ruby (MDVSA-2015:129)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-3157.NASL
    description: Multiple vulnerabilities were discovered in the interpreter for the Ruby language : - CVE-2014-4975 The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution. - CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash).
    last seen: 2020-03-17
    modified: 2015-02-10
    plugin id: 81250
    published: 2015-02-10
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81250
    title: Debian DSA-3157-1 : ruby1.9.1 - security update
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1912.NASL
    description: From Red Hat Security Advisory 2014:1912 : Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79594
    published: 2014-11-27
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79594
    title: Oracle Linux 7 : ruby (ELSA-2014-1912)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-14096.NASL
    description: Update to Ruby 2.1.4. Include only vendor directories, not their content (rhbz#1114071). Fix
    last seen: 2020-03-17
    modified: 2014-11-11
    plugin id: 79092
    published: 2014-11-11
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79092
    title: Fedora 21 : ruby-2.1.4-24.fc21 (2014-14096)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2017-527.NASL
    description: This ruby2.1 update to version 2.1.9 fixes the following issues : Security issues fixed : - CVE-2016-2339: heap overflow vulnerability in the Fiddle::Function.new
    last seen: 2020-06-05
    modified: 2017-05-01
    plugin id: 99753
    published: 2017-05-01
    reporter: This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/99753
    title: openSUSE Security Update : ruby2.1 (openSUSE-2017-527)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-225.NASL
    description: Updated ruby packages fix security vulnerabilities : Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090). Additionally ruby has been upgraded to patch level 374.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79571
    published: 2014-11-26
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/79571
    title: Mandriva Linux Security Advisory : ruby (MDVSA-2014:225)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141126_RUBY_ON_SL7_X.NASL
    description: Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) All running instances of Ruby need to be restarted for this update to take effect.
    last seen: 2020-03-18
    modified: 2014-12-02
    plugin id: 79658
    published: 2014-12-02
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79658
    title: Scientific Linux Security Update : ruby on SL7.x x86_64 (20141126)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-200.NASL
    description: CVE-2014-4975 The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution. CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2015-04-16
    plugin id: 82805
    published: 2015-04-16
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82805
    title: Debian DLA-200-1 : ruby1.9.1 security update

Redhat

advisories
  • rhsa
    id: RHSA-2014:1912
  • rhsa
    id: RHSA-2014:1913
  • rhsa
    id: RHSA-2014:1914
rpms
  • ruby-0:2.0.0.353-22.el7_0
  • ruby-debuginfo-0:2.0.0.353-22.el7_0
  • ruby-devel-0:2.0.0.353-22.el7_0
  • ruby-doc-0:2.0.0.353-22.el7_0
  • ruby-irb-0:2.0.0.353-22.el7_0
  • ruby-libs-0:2.0.0.353-22.el7_0
  • ruby-tcltk-0:2.0.0.353-22.el7_0
  • rubygem-bigdecimal-0:1.2.0-22.el7_0
  • rubygem-io-console-0:0.4.2-22.el7_0
  • rubygem-json-0:1.7.7-22.el7_0
  • rubygem-minitest-0:4.3.2-22.el7_0
  • rubygem-psych-0:2.0.0-22.el7_0
  • rubygem-rake-0:0.9.6-22.el7_0
  • rubygem-rdoc-0:4.0.0-22.el7_0
  • rubygems-0:2.0.14-22.el7_0
  • rubygems-devel-0:2.0.14-22.el7_0
  • ruby193-ruby-0:1.9.3.484-50.el6
  • ruby193-ruby-0:1.9.3.484-50.el7
  • ruby193-ruby-debuginfo-0:1.9.3.484-50.el6
  • ruby193-ruby-debuginfo-0:1.9.3.484-50.el7
  • ruby193-ruby-devel-0:1.9.3.484-50.el6
  • ruby193-ruby-devel-0:1.9.3.484-50.el7
  • ruby193-ruby-doc-0:1.9.3.484-50.el6
  • ruby193-ruby-doc-0:1.9.3.484-50.el7
  • ruby193-ruby-irb-0:1.9.3.484-50.el6
  • ruby193-ruby-irb-0:1.9.3.484-50.el7
  • ruby193-ruby-libs-0:1.9.3.484-50.el6
  • ruby193-ruby-libs-0:1.9.3.484-50.el7
  • ruby193-ruby-tcltk-0:1.9.3.484-50.el6
  • ruby193-ruby-tcltk-0:1.9.3.484-50.el7
  • ruby193-rubygem-bigdecimal-0:1.1.0-50.el6
  • ruby193-rubygem-bigdecimal-0:1.1.0-50.el7
  • ruby193-rubygem-io-console-0:0.3-50.el6
  • ruby193-rubygem-io-console-0:0.3-50.el7
  • ruby193-rubygem-json-0:1.5.5-50.el6
  • ruby193-rubygem-json-0:1.5.5-50.el7
  • ruby193-rubygem-minitest-0:2.5.1-50.el6
  • ruby193-rubygem-minitest-0:2.5.1-50.el7
  • ruby193-rubygem-rake-0:0.9.2.2-50.el6
  • ruby193-rubygem-rake-0:0.9.2.2-50.el7
  • ruby193-rubygem-rdoc-0:3.9.5-50.el6
  • ruby193-rubygem-rdoc-0:3.9.5-50.el7
  • ruby193-rubygems-0:1.8.23-50.el6
  • ruby193-rubygems-0:1.8.23-50.el7
  • ruby193-rubygems-devel-0:1.8.23-50.el6
  • ruby193-rubygems-devel-0:1.8.23-50.el7
  • ruby200-ruby-0:2.0.0.353-24.el6
  • ruby200-ruby-0:2.0.0.353-24.el7
  • ruby200-ruby-debuginfo-0:2.0.0.353-24.el6
  • ruby200-ruby-debuginfo-0:2.0.0.353-24.el7
  • ruby200-ruby-devel-0:2.0.0.353-24.el6
  • ruby200-ruby-devel-0:2.0.0.353-24.el7
  • ruby200-ruby-doc-0:2.0.0.353-24.el6
  • ruby200-ruby-doc-0:2.0.0.353-24.el7
  • ruby200-ruby-irb-0:2.0.0.353-24.el6
  • ruby200-ruby-irb-0:2.0.0.353-24.el7
  • ruby200-ruby-libs-0:2.0.0.353-24.el6
  • ruby200-ruby-libs-0:2.0.0.353-24.el7
  • ruby200-ruby-tcltk-0:2.0.0.353-24.el6
  • ruby200-ruby-tcltk-0:2.0.0.353-24.el7
  • ruby200-rubygem-bigdecimal-0:1.2.0-24.el6
  • ruby200-rubygem-bigdecimal-0:1.2.0-24.el7
  • ruby200-rubygem-io-console-0:0.4.2-24.el6
  • ruby200-rubygem-io-console-0:0.4.2-24.el7
  • ruby200-rubygem-json-0:1.7.7-24.el6
  • ruby200-rubygem-json-0:1.7.7-24.el7
  • ruby200-rubygem-minitest-0:4.3.2-24.el6
  • ruby200-rubygem-minitest-0:4.3.2-24.el7
  • ruby200-rubygem-psych-0:2.0.0-24.el6
  • ruby200-rubygem-psych-0:2.0.0-24.el7
  • ruby200-rubygem-rake-0:0.9.6-24.el6
  • ruby200-rubygem-rake-0:0.9.6-24.el7
  • ruby200-rubygem-rdoc-0:4.0.0-24.el6
  • ruby200-rubygem-rdoc-0:4.0.0-24.el7
  • ruby200-rubygems-0:2.0.14-24.el6
  • ruby200-rubygems-0:2.0.14-24.el7
  • ruby200-rubygems-devel-0:2.0.14-24.el6
  • ruby200-rubygems-devel-0:2.0.14-24.el7