Detections
Analytics

CentOS 4 / 5 : ruby (CESA-2008:0897)

high Nessus Plugin ID 34502

Synopsis

The remote CentOS host is missing one or more security updates.

Description

Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an interpreted scripting language for quick and easy object-oriented programming.

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)

Ruby's XML document parsing module (REXML) was prone to a denial of service attack via XML documents with large XML entity definitions recursion. A specially crafted XML file could cause a Ruby application using the REXML module to use an excessive amount of CPU and memory.
(CVE-2008-3790)

An insufficient 'taintness' check flaw was discovered in Ruby's DL module, which provides direct access to the C language functions. An attacker could use this flaw to bypass intended safe-level restrictions by calling external C functions with the arguments from an untrusted tainted inputs. (CVE-2008-3657)

A denial of service flaw was discovered in WEBrick, Ruby's HTTP server toolkit. A remote attacker could send a specially crafted HTTP request to a WEBrick server that would cause the server to use an excessive amount of CPU time. (CVE-2008-3656)

A number of flaws were found in the safe-level restrictions in Ruby.
It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues.

Solution

Update the affected ruby packages.

See Also

http://www.nessus.org/u?7f33f148

http://www.nessus.org/u?cd91bfb9

http://www.nessus.org/u?44810b1b

http://www.nessus.org/u?984199a2

http://www.nessus.org/u?7677ed58

Plugin Details

Severity: High

ID: 34502

File Name: centos_RHSA-2008-0897.nasl

Version: 1.21

Type: local

Agent: unix

Published: 10/28/2008

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:ruby-devel, p-cpe:/a:centos:centos:ruby-libs, p-cpe:/a:centos:centos:ruby-rdoc, p-cpe:/a:centos:centos:ruby, p-cpe:/a:centos:centos:ruby-docs, p-cpe:/a:centos:centos:ruby-irb, p-cpe:/a:centos:centos:ruby-ri, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5, p-cpe:/a:centos:centos:ruby-tcltk, p-cpe:/a:centos:centos:irb, p-cpe:/a:centos:centos:ruby-mode

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/28/2008

Vulnerability Publication Date: 3/4/2008

Reference Information

CVE: CVE-2008-1145, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905, CVE-2008-4310

BID: 30644, 30682, 31699

CWE: 20, 22, 264, 287, 399

RHSA: 2008:0897