ID de Prueba:	1.3.6.1.4.1.25623.1.0.61718
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0896
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0896. Ruby is an interpreted scripting language for quick and easy object-oriented programming. The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs and a fixed source port when sending DNS requests. A remote attacker could use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905) A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655) A denial of service flaw was found in Ruby's regular expression engine. If a Ruby script tried to process a large amount of data via a regular expression, it could cause Ruby to enter an infinite-loop and crash. (CVE-2008-3443) Users of ruby should upgrade to these updated packages, which contain backported patches to resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0896.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3443 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 30682 http://www.securityfocus.com/bid/30682 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1695 (Google Search) http://www.debian.org/security/2009/dsa-1695 https://www.exploit-db.com/exploits/6239 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570 http://www.redhat.com/support/errata/RHSA-2008-0895.html http://www.redhat.com/support/errata/RHSA-2008-0897.html http://www.securitytracker.com/id?1021075 http://secunia.com/advisories/31430 http://secunia.com/advisories/32165 http://secunia.com/advisories/32219 http://secunia.com/advisories/32371 http://secunia.com/advisories/32372 http://secunia.com/advisories/33185 http://secunia.com/advisories/33398 http://secunia.com/advisories/35074 http://securityreason.com/securityalert/4158 https://usn.ubuntu.com/651-1/ https://usn.ubuntu.com/691-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: ruby-regex-dos(44688) https://exchange.xforce.ibmcloud.com/vulnerabilities/44688 Common Vulnerability Exposure (CVE) ID: CVE-2008-3655 BugTraq ID: 30644 http://www.securityfocus.com/bid/30644 Bugtraq: 20080831 rPSA-2008-0264-1 ruby (Google Search) http://www.securityfocus.com/archive/1/495884/100/0/threaded Debian Security Information: DSA-1651 (Google Search) http://www.debian.org/security/2008/dsa-1651 Debian Security Information: DSA-1652 (Google Search) http://www.debian.org/security/2008/dsa-1652 http://security.gentoo.org/glsa/glsa-200812-17.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602 http://www.securitytracker.com/id?1020656 http://secunia.com/advisories/31697 http://secunia.com/advisories/32255 http://secunia.com/advisories/32256 http://secunia.com/advisories/33178 http://www.vupen.com/english/advisories/2008/2334 XForce ISS Database: ruby-safelevel-security-bypass(44369) https://exchange.xforce.ibmcloud.com/vulnerabilities/44369 Common Vulnerability Exposure (CVE) ID: CVE-2008-3905 BugTraq ID: 31699 http://www.securityfocus.com/bid/31699 http://www.openwall.com/lists/oss-security/2008/09/03/3 http://www.openwall.com/lists/oss-security/2008/09/04/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034 http://secunia.com/advisories/32948 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754 XForce ISS Database: ruby-resolv-dns-spoofing(45935) https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.