Test ID: 1.3.6.1.4.1.25623.1.0.66602
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200912-02 (rails)
Summary: The remote host is missing updates announced in advisory GLSA 200912-02.
Description: Summary:
The remote host is missing updates announced in
advisory GLSA 200912-02.

Vulnerability Insight:
Multiple vulnerabilities have been discovered in Rails, the worst of which
leads to the execution of arbitrary SQL statements.

Solution:
All Ruby on Rails 2.3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.5'

All Ruby on Rails 2.2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '=dev-ruby/rails-2.2.3-r1'

NOTE: All applications using Ruby on Rails should also be configured to
use the latest version available by running 'rake rails:update' inside
the application directory.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-5380
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BugTraq ID: 26096
http://www.securityfocus.com/bid/26096
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://security.gentoo.org/glsa/glsa-200711-17.xml
http://secunia.com/advisories/27657
http://secunia.com/advisories/27965
http://secunia.com/advisories/28136
SuSE Security Announcement: SUSE-SR:2007:025 (Google Search)
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.vupen.com/english/advisories/2007/3508
http://www.vupen.com/english/advisories/2007/4238
Common Vulnerability Exposure (CVE) ID: CVE-2007-6077
BugTraq ID: 26598
http://www.securityfocus.com/bid/26598
http://secunia.com/advisories/27781
http://www.vupen.com/english/advisories/2007/4009
Common Vulnerability Exposure (CVE) ID: CVE-2008-4094
BugTraq ID: 31176
http://www.securityfocus.com/bid/31176
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
http://www.openwall.com/lists/oss-security/2008/09/13/2
http://www.openwall.com/lists/oss-security/2008/09/16/1
http://www.securitytracker.com/id?1020871
http://secunia.com/advisories/31875
http://secunia.com/advisories/31909
http://secunia.com/advisories/31910
SuSE Security Announcement: SUSE-SR:2008:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://www.vupen.com/english/advisories/2008/2562
XForce ISS Database: rubyonrails-activerecord-sql-injection(45109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
Common Vulnerability Exposure (CVE) ID: CVE-2008-7248
http://secunia.com/advisories/36600
http://secunia.com/advisories/38915
http://www.vupen.com/english/advisories/2009/2544
SuSE Security Announcement: SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
[oss-security] 20091128 CVE request: Ruby on Rails: CSRF circumvention (from 2008)
http://www.openwall.com/lists/oss-security/2009/11/28/1
[oss-security] 20091202 Re: CVE request: Ruby on Rails: CSRF circumvention (from 2008)
http://www.openwall.com/lists/oss-security/2009/12/02/2
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
Common Vulnerability Exposure (CVE) ID: CVE-2009-2422
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35579
http://www.securityfocus.com/bid/35579
http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
http://secunia.com/advisories/35702
http://www.vupen.com/english/advisories/2009/1802
XForce ISS Database: rubyonrails-validatedigest-sec-bypass(51528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
Common Vulnerability Exposure (CVE) ID: CVE-2009-3009
BugTraq ID: 36278
http://www.securityfocus.com/bid/36278
Debian Security Information: DSA-1887 (Google Search)
http://www.debian.org/security/2009/dsa-1887
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
http://www.osvdb.org/57666
http://securitytracker.com/id?1022824
http://secunia.com/advisories/36717
SuSE Security Announcement: SUSE-SR:2009:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
XForce ISS Database: rubyonrails-unicode-xss(53036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
Common Vulnerability Exposure (CVE) ID: CVE-2009-3086
BugTraq ID: 37427
http://www.securityfocus.com/bid/37427
Debian Security Information: DSA-2260 (Google Search)
http://www.debian.org/security/2011/dsa-2260
Common Vulnerability Exposure (CVE) ID: CVE-2009-4214
BugTraq ID: 37142
http://www.securityfocus.com/bid/37142
Debian Security Information: DSA-2301 (Google Search)
http://www.debian.org/security/2011/dsa-2301
http://www.openwall.com/lists/oss-security/2009/11/27/2
http://www.openwall.com/lists/oss-security/2009/12/08/3
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
http://www.securitytracker.com/id?1023245
http://secunia.com/advisories/37446
SuSE Security Announcement: SUSE-SR:2010:006 (Google Search)
http://www.vupen.com/english/advisories/2009/3352
Copyright: Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test package. Find out more about our complete security checks.

To run a free test for this vulnerability on your system, please register below.

© 1998-2025 E-Soft Inc. All rights reserved.