CVE-2014-8080
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
OS | | 3 |
OS | | 2 |
Application | | 24 |
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1912.NASL
description: Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79596
published: 2014-11-27
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79596
title: RHEL 7 : ruby (RHSA-2014:1912)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1912. The text
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(79596);
  script_version("1.17");
  script_cvs_date("Date: 2019/10/24 15:35:39");

  script_cve_id("CVE-2014-4975", "CVE-2014-8080", "CVE-2014-8090");
  script_bugtraq_id(68474, 70935, 71230);
  script_xref(name:"RHSA", value:"2014:1912");

  script_name(english:"RHEL 7 : ruby (RHSA-2014:1912)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2014:1912"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-8080"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-4975"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-8090"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ruby-tcltk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-minitest");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rake");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygem-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rubygems-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2014:1912";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"ruby-debuginfo-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-devel-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-devel-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"ruby-doc-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"ruby-irb-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"ruby-libs-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"ruby-tcltk-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ruby-tcltk-2.0.0.353-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-bigdecimal-1.2.0-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-bigdecimal-1.2.0-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-io-console-0.4.2-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-io-console-0.4.2-22.el7_0")) flag++;
  if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-json-1.7.7-22.el7_0")) flag++;
  if (rpm_exists(rpm:"rubygem-json-1.7", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-json-1.7.7-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"rubygem-minitest-4.3.2-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"rubygem-psych-2.0.0-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rubygem-psych-2.0.0-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"rubygem-rake-0.9.6-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"rubygem-rdoc-4.0.0-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"rubygems-2.0.14-22.el7_0")) flag++;
  if (rpm_check(release:"RHEL7", reference:"rubygems-devel-2.0.14-22.el7_0")) flag++;

  if (flag)
  {
    security_report_v4(
      port     : 0,
      severity : SECURITY_WARNING,
      extra    : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-debuginfo / ruby-devel / ruby-doc / ruby-irb / etc");
  }
}
```
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-449.NASL
description: The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved using larger inputs.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79298
published: 2014-11-18
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79298
title: Amazon Linux AMI : ruby21 (ALAS-2014-449)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-449.
#

include("compat.inc");

if (description)
{
  script_id(79298);
  script_version("1.6");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2014-8090");
  script_xref(name:"ALAS", value:"2014-449");

  script_name(english:"Amazon Linux AMI : ruby21 (ALAS-2014-449)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved using larger inputs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-449.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update ruby21' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems21");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems21-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"ruby21-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-debuginfo-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-devel-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-doc-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-irb-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-libs-2.1.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-bigdecimal-1.2.4-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-io-console-0.4.2-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-psych-2.0.5-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems21-2.2.2-1.15.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems21-devel-2.2.2-1.15.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby21 / ruby21-debuginfo / ruby21-devel / ruby21-doc / ruby21-irb / etc");
}
```
NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2014-1911.NASL
description: From Red Hat Security Advisory 2014:1911 : Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 79593
published: 2014-11-27
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79593
title: Oracle Linux 6 : ruby (ELSA-2014-1911)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:1911 and
# Oracle Linux Security Advisory ELSA-2014-1911 respectively.
#

include("compat.inc");

if (description)
{
  script_id(79593);
  script_version("1.11");
  script_cvs_date("Date: 2019/09/30 10:58:19");

  script_cve_id("CVE-2014-8080", "CVE-2014-8090");
  script_bugtraq_id(70935, 71230);
  script_xref(name:"RHSA", value:"2014:1911");

  script_name(english:"Oracle Linux 6 : ruby (ELSA-2014-1911)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "From Red Hat Security Advisory 2014:1911 : Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2014-November/004673.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected ruby packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-rdoc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-ri");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-tcltk");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

flag = 0;
if (rpm_check(release:"EL6", reference:"ruby-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-devel-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-docs-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-irb-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-libs-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-rdoc-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-ri-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-static-1.8.7.374-3.el6_6")) flag++;
if (rpm_check(release:"EL6", reference:"ruby-tcltk-1.8.7.374-3.el6_6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby / ruby-devel / ruby-docs / ruby-irb / ruby-libs / ruby-rdoc / etc");
}
```
NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2014-441.NASL
description: The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78874
published: 2014-11-06
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/78874
title: Amazon Linux AMI : ruby20 (ALAS-2014-441)
code:
```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-441.
#

include("compat.inc");

if (description)
{
  script_id(78874);
  script_version("1.5");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2014-8080");
  script_xref(name:"ALAS", value:"2014-441");

  script_name(english:"Amazon Linux AMI : ruby20 (ALAS-2014-441)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-441.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Run 'yum update ruby20' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-irb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-bigdecimal");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-io-console");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-psych");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems20");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems20-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (rpm_check(release:"ALA", reference:"ruby20-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-debuginfo-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-devel-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-doc-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-irb-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-libs-2.0.0.594-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-bigdecimal-1.2.0-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-io-console-0.4.2-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-psych-2.0.0-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems20-2.0.14-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems20-devel-2.0.14-1.19.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby20 / ruby20-debuginfo / ruby20-devel / ruby20-doc / ruby20-irb / etc");
}
```
NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2018-1374.NASL
description: According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. (CVE-2014-8080)
- The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080. (CVE-2014-8090)
- Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. (CVE-2014-4975)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-10
modified: 2018-11-21
plugin id: 119065
published: 2018-11-21
reporter: This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/119065
title: EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1374)
code:
# # (C) Tenable Network Security, Inc.
# include("compat.inc"); if (description) { script_id(119065); script_version("1.34"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/21"); script_cve_id( "CVE-2014-4975", "CVE-2014-8080", "CVE-2014-8090" ); script_bugtraq_id( 68474, 70935, 71230 ); script_name(english:"EulerOS Virtualization 2.5.1 : ruby (EulerOS-SA-2018-1374)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.i1/4^CVE-2014-8080i1/4%0 - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.i1/4^CVE-2014-8090i1/4%0 - Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow.(CVE-2014-4975) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1374 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?688a1521"); script_set_attribute(attribute:"solution", value: "Update the affected ruby packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-irb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ruby-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-bigdecimal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-io-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-json"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-psych"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygem-rdoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rubygems"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.1"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and 
is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "2.5.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.1"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["ruby-2.0.0.353-23.h9", "ruby-irb-2.0.0.353-23.h9", "ruby-libs-2.0.0.353-23.h9", "rubygem-bigdecimal-1.2.0-23.h9", "rubygem-io-console-0.4.2-23.h9", "rubygem-json-1.7.7-23.h9", "rubygem-psych-2.0.0-23.h9", "rubygem-rdoc-4.0.0-23.h9", "rubygems-2.0.14-23.h9"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2397-1.NASL description Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-4975) Willis Vandevanter discovered that Ruby incorrectly handled XML entity expansion. An attacker could use this flaw to cause Ruby to consume large amounts of resources, resulting in a denial of service. (CVE-2014-8080). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 78869 published 2014-11-05 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/78869 title Ubuntu 12.04 LTS / 14.04 LTS / 14.10 : ruby1.8, ruby1.9.1, ruby2.0, ruby2.1 vulnerabilities (USN-2397-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1428.NASL description According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005.(CVE-2012-4466) - The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.(CVE-2014-8090) - Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression.(CVE-2013-4287) - The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.(CVE-2014-8080) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a last seen 2020-03-17 modified 2019-05-14 plugin id 124931 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124931 title EulerOS Virtualization 3.0.1.0 : ruby (EulerOS-SA-2019-1428) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1911.NASL description Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. 
Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79642 published 2014-12-02 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79642 title CentOS 6 : ruby (CESA-2014:1911) NASL family MacOS X Local Security Checks NASL id MACOSX_10_11.NASL description The remote host is running a version of Mac OS X that is 10.6.8 or later but prior to 10.11. It is, therefore, affected by multiple vulnerabilities in the following components : - Address Book - AirScan - apache_mod_php - Apple Online Store Kit - AppleEvents - Audio - bash - Certificate Trust Policy - CFNetwork Cookies - CFNetwork FTPProtocol - CFNetwork HTTPProtocol - CFNetwork Proxies - CFNetwork SSL - CoreCrypto - CoreText - Dev Tools - Disk Images - dyld - EFI - Finder - Game Center - Heimdal - ICU - Install Framework Legacy - Intel Graphics Driver - IOAudioFamily - IOGraphics - IOHIDFamily - IOStorageFamily - Kernel - libc - libpthread - libxpc - Login Window - lukemftpd - Mail - Multipeer Connectivity - NetworkExtension - Notes - OpenSSH - OpenSSL - procmail - remote_cmds - removefile - Ruby - Safari - Safari Downloads - Safari Extensions - Safari Safe Browsing - Security - SMB - SQLite - Telephony - Terminal - tidy - Time Machine - WebKit - WebKit CSS - WebKit JavaScript Bindings - WebKit Page Loading - WebKit Plug-ins Note that successful exploitation of the most serious issues can result in 
arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 86270 published 2015-10-05 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86270 title Mac OS X < 10.11 Multiple Vulnerabilities (GHOST) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-439.NASL description The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack. last seen 2020-06-01 modified 2020-06-02 plugin id 78872 published 2014-11-06 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78872 title Amazon Linux AMI : ruby21 (ALAS-2014-439) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-1.NASL description This ruby update fixes the following two security issues : - bnc#902851: fix CVE-2014-8080: Denial Of Service XML Expansion - bnc#905326: fix CVE-2014-8090: Another Denial Of Service XML Expansion - Enable tests to run during the build. This way we can compare the results on different builds. last seen 2020-06-05 modified 2015-01-05 plugin id 80353 published 2015-01-05 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80353 title openSUSE Security Update : ruby20 (openSUSE-SU-2015:0002-1) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-447.NASL description The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. 
As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved using larger inputs. last seen 2020-06-01 modified 2020-06-02 plugin id 79296 published 2014-11-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79296 title Amazon Linux AMI : ruby19 (ALAS-2014-447) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2014-1912.NASL description Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79643 published 2014-12-02 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/79643 title CentOS 7 : ruby (CESA-2014:1912) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-129.NASL description Updated ruby packages fix security vulnerabilities : Due to unrestricted entity expansion, when reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8080). Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090). last seen 2020-06-01 modified 2020-06-02 plugin id 82382 published 2015-03-30 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82382 title Mandriva Linux Security Advisory : ruby (MDVSA-2015:129) NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-758.NASL description ruby19 was updated to fix two security issues. These security issues were fixed : - Denial Of Service XML Expansion (CVE-2014-8080). - Denial Of Service XML Expansion (CVE-2014-8090). Note: These are two separate issues. last seen 2020-06-05 modified 2014-12-09 plugin id 79820 published 2014-12-09 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/79820 title openSUSE Security Update : ruby19 (openSUSE-SU-2014:1589-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3157.NASL description Multiple vulnerabilities were discovered in the interpreter for the Ruby language : - CVE-2014-4975 The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution. - CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash). last seen 2020-03-17 modified 2015-02-10 plugin id 81250 published 2015-02-10 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81250 title Debian DSA-3157-1 : ruby1.9.1 - security update NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3159.NASL description It was discovered that the REXML parser, part of the interpreter for the Ruby language, could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash). last seen 2020-03-17 modified 2015-02-11 plugin id 81279 published 2015-02-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81279 title Debian DSA-3159-1 : ruby1.8 - security update NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2014-1912.NASL description From Red Hat Security Advisory 2014:1912 : Updated ruby packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79594 published 2014-11-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79594 title Oracle Linux 7 : ruby (ELSA-2014-1912) NASL family Fedora Local Security Checks NASL id FEDORA_2014-14096.NASL description Update to Ruby 2.1.4. Include only vendor directories, not their content (rhbz#1114071). Fix last seen 2020-03-17 modified 2014-11-11 plugin id 79092 published 2014-11-11 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/79092 title Fedora 21 : ruby-2.1.4-24.fc21 (2014-14096) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-6.NASL description The following issues were fixed in this update : - CVE-2014-8090: Denial Of Service XML Expansion (bnc#905326) - CVE-2014-8080: Denial Of Service XML Expansion (bnc#902851) last seen 2020-06-05 modified 2015-01-05 plugin id 80356 published 2015-01-05 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80356 title openSUSE Security Update : ruby2.1 (openSUSE-SU-2015:0007-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-27.NASL description The remote host is affected by the vulnerability described in GLSA-201412-27 (Ruby: Denial of Service) Multiple vulnerabilities have been discovered in Ruby. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79980 published 2014-12-15 reporter This script is Copyright (C) 2014-2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79980 title GLSA-201412-27 : Ruby: Denial of Service NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2014-1911.NASL description Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. 
It has features to process text files and to perform system management tasks. Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) The CVE-2014-8090 issue was discovered by Red Hat Product Security. All ruby users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of Ruby need to be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 79595 published 2014-11-27 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79595 title RHEL 6 : ruby (RHSA-2014:1911) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2014-225.NASL description Updated ruby packages fix security vulnerabilities : Will Wood discovered that Ruby incorrectly handled the encodes() function. An attacker could possibly use this issue to cause Ruby to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service (CVE-2014-4975). Due to an incomplete fix for CVE-2014-8080, 100% CPU utilization can occur as a result of recursive expansion with an empty String. When reading text nodes from an XML document, the REXML parser in Ruby can be coerced into allocating extremely large string objects which can consume all of the memory on a machine, causing a denial of service (CVE-2014-8090). Additionally ruby has been upgraded to patch level 374. last seen 2020-06-01 modified 2020-06-02 plugin id 79571 published 2014-11-26 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/79571 title Mandriva Linux Security Advisory : ruby (MDVSA-2014:225) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-88.NASL description This update fixes multiple local and remote denial of service and remote code execution problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900-like situations. CVE-2011-2705 Modify PRNG state to prevent random number sequence repetition in a forked child process which has the same pid. Reported by Eric Wong. CVE-2011-4815 Fix a problem with predictable hash collisions resulting in denial of service (CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde. CVE-2014-8080 Fix REXML parser to prevent memory consumption denial of service via crafted XML documents. Reported by Willis Vandevanter. CVE-2014-8090 Add REXML::Document#document to complement the fix for CVE-2014-8080. Reported by Tomas Hoger. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82233 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82233 title Debian DLA-88-1 : ruby1.8 security update NASL family Scientific Linux Local Security Checks NASL id SL_20141126_RUBY_ON_SL6_X.NASL description Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) All running instances of Ruby need to be restarted for this update to take effect.
last seen 2020-03-18 modified 2014-12-02 plugin id 79657 published 2014-12-02 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79657 title Scientific Linux Security Update : ruby on SL6.x i386/x86_64 (20141126) NASL family Scientific Linux Local Security Checks NASL id SL_20141126_RUBY_ON_SL7_X.NASL description Multiple denial of service flaws were found in the way the Ruby REXML XML parser performed expansion of parameter entities. A specially crafted XML document could cause REXML to use an excessive amount of CPU and memory. (CVE-2014-8080, CVE-2014-8090) A stack-based buffer overflow was found in the implementation of the Ruby Array pack() method. When performing base64 encoding, a single byte could be written past the end of the buffer, possibly causing Ruby to crash. (CVE-2014-4975) All running instances of Ruby need to be restarted for this update to take effect. last seen 2020-03-18 modified 2014-12-02 plugin id 79658 published 2014-12-02 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79658 title Scientific Linux Security Update : ruby on SL7.x x86_64 (20141126) NASL family SuSE Local Security Checks NASL id SUSE_11_RUBY-141230.NASL description The Ruby script interpreter has been updated to fix two denial of service attacks when expanding XML. (CVE-2014-8080 / CVE-2014-8090) last seen 2020-06-05 modified 2015-01-27 plugin id 81040 published 2015-01-27 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81040 title SuSE 11.3 Security Update : Ruby (SAT Patch Number 10126) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-200.NASL description CVE-2014-4975 The encodes() function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. 
This could allow remote attackers to cause a denial of service (crash) or arbitrary code execution. CVE-2014-8080, CVE-2014-8090 The REXML parser could be coerced into allocating large string objects that could consume all available memory on the system. This could allow remote attackers to cause a denial of service (crash). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-04-16 plugin id 82805 published 2015-04-16 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82805 title Debian DLA-200-1 : ruby1.9.1 security update NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2014-448.NASL description The upstream patch for CVE-2014-8080 introduced checks against the REXML.entity_expansion_text_limit, but did not add restrictions to limit the number of expansions performed, i.e. checks against the REXML::Document.entity_expansion_limit. As a consequence, even with the patch applied, a small XML document could cause REXML to use an excessive amount of CPU time. High memory usage can be achieved using larger inputs. last seen 2020-06-01 modified 2020-06-02 plugin id 79297 published 2014-11-18 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/79297 title Amazon Linux AMI : ruby20 (ALAS-2014-448)
References
- http://advisories.mageia.org/MGASA-2014-0443.html
- http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- http://lists.opensuse.org/opensuse-updates/2014-12/msg00035.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-01/msg00004.html
- http://rhn.redhat.com/errata/RHSA-2014-1911.html
- http://rhn.redhat.com/errata/RHSA-2014-1912.html
- http://rhn.redhat.com/errata/RHSA-2014-1913.html
- http://rhn.redhat.com/errata/RHSA-2014-1914.html
- http://secunia.com/advisories/61607
- http://secunia.com/advisories/62050
- http://secunia.com/advisories/62748
- http://www.debian.org/security/2015/dsa-3157
- http://www.debian.org/security/2015/dsa-3159
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:129
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.securityfocus.com/bid/70935
- http://www.ubuntu.com/usn/USN-2397-1
- https://support.apple.com/HT205267
- https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/