Debian DSA-2301-2 : rails - several vulnerabilities

high Nessus Plugin ID 56074

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in Rails, the Ruby web application framework. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-4214 A cross-site scripting (XSS) vulnerability had been found in the strip_tags function. An attacker may inject non-printable characters that certain browsers will then evaluate. This vulnerability only affects the oldstable distribution (lenny).

- CVE-2011-2930 A SQL injection vulnerability had been found in the quote_table_name method that could allow malicious users to inject arbitrary SQL into a query.

- CVE-2011-2931 A cross-site scripting (XSS) vulnerability had been found in the strip_tags helper. An parsing error can be exploited by an attacker, who can confuse the parser and may inject HTML tags into the output document.

- CVE-2011-3186 A newline (CRLF) injection vulnerability had been found in response.rb. This vulnerability allows an attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

Solution

Upgrade the rails packages.

For the oldstable distribution (lenny), this problem has been fixed in version 2.1.0-7+lenny2.

For the stable distribution (squeeze), this problem has been fixed in version 2.3.5-1.2+squeeze2.

See Also

https://security-tracker.debian.org/tracker/CVE-2009-4214

https://security-tracker.debian.org/tracker/CVE-2011-2930

https://security-tracker.debian.org/tracker/CVE-2011-2931

https://security-tracker.debian.org/tracker/CVE-2011-3186

https://packages.debian.org/source/squeeze/rails

https://www.debian.org/security/2011/dsa-2301

Plugin Details

Severity: High

ID: 56074

File Name: debian_DSA-2301.nasl

Version: 1.13

Type: local

Agent: unix

Published: 9/6/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:6.0, p-cpe:/a:debian:debian_linux:rails, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Ease: No known exploits are available

Patch Publication Date: 1/23/2012

Reference Information

CVE: CVE-2009-4214, CVE-2011-2930, CVE-2011-2931, CVE-2011-3186

BID: 37142, 49179

CWE: 79

DSA: 2301