Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:128 (ruby)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50610

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:128 (ruby)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to ruby
announced via advisory MDKSA-2004:128.

Andres Salomon noticed a problem with the CGI session management in
Ruby. The CGI:Session's FileStore implementations store session
information in an insecure manner by just creating files and ignoring
permission issues (CVE-2004-0755).

The ruby developers have corrected a problem in the ruby CGI module
that can be triggered remotely and cause an inifinite loop on the
server (CVE-2004-0983).

The updated packages are patched to prevent these problems.

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0755
Debian Security Information: DSA-537 (Google Search)
http://www.debian.org/security/2004/dsa-537
http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128
http://secunia.com/advisories/12290/
XForce ISS Database: ruby-filestore-pstore-insecure-permission(16996)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16996
Common Vulnerability Exposure (CVE) ID: CVE-2004-0983
BugTraq ID: 11618
http://www.securityfocus.com/bid/11618
Debian Security Information: DSA-586 (Google Search)
http://www.debian.org/security/2004/dsa-586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268
http://www.redhat.com/support/errata/RHSA-2004-635.html
https://usn.ubuntu.com/20-1/
XForce ISS Database: ruby-cgi-dos(17985)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17985

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50610
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:128 (ruby)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ruby announced via advisory MDKSA-2004:128. Andres Salomon noticed a problem with the CGI session management in Ruby. The CGI:Session's FileStore implementations store session information in an insecure manner by just creating files and ignoring permission issues (CVE-2004-0755). The ruby developers have corrected a problem in the ruby CGI module that can be triggered remotely and cause an inifinite loop on the server (CVE-2004-0983). The updated packages are patched to prevent these problems. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:128 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0755 Debian Security Information: DSA-537 (Google Search) http://www.debian.org/security/2004/dsa-537 http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:128 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128 http://secunia.com/advisories/12290/ XForce ISS Database: ruby-filestore-pstore-insecure-permission(16996) https://exchange.xforce.ibmcloud.com/vulnerabilities/16996 Common Vulnerability Exposure (CVE) ID: CVE-2004-0983 BugTraq ID: 11618 http://www.securityfocus.com/bid/11618 Debian Security Information: DSA-586 (Google Search) http://www.debian.org/security/2004/dsa-586 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268 http://www.redhat.com/support/errata/RHSA-2004-635.html https://usn.ubuntu.com/20-1/ XForce ISS Database: ruby-cgi-dos(17985) https://exchange.xforce.ibmcloud.com/vulnerabilities/17985
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com