ID de Prueba:	1.3.6.1.4.1.25623.1.0.62803
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0981
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0981. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. Vincent Danen reported, that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in the WEBrick (Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially-crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. This update properly addresses this flaw. (CVE-2008-4310) All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0981.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 7.8
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4310 33013 http://secunia.com/advisories/33013 RHSA-2008:0981 http://www.redhat.com/support/errata/RHSA-2008-0981.html [oss-security] 20081204 ruby CVE-2008-4310 (Red Hat specific) http://www.openwall.com/lists/oss-security/2008/12/04/2 https://bugzilla.redhat.com/show_bug.cgi?id=470252 oval:org.mitre.oval:def:10250 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10250 Common Vulnerability Exposure (CVE) ID: CVE-2008-3656 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 30644 http://www.securityfocus.com/bid/30644 Bugtraq: 20080831 rPSA-2008-0264-1 ruby (Google Search) http://www.securityfocus.com/archive/1/495884/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1651 (Google Search) http://www.debian.org/security/2008/dsa-1651 Debian Security Information: DSA-1652 (Google Search) http://www.debian.org/security/2008/dsa-1652 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html http://security.gentoo.org/glsa/glsa-200812-17.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682 http://www.redhat.com/support/errata/RHSA-2008-0897.html http://www.securitytracker.com/id?1020654 http://secunia.com/advisories/31430 http://secunia.com/advisories/31697 http://secunia.com/advisories/32165 http://secunia.com/advisories/32219 http://secunia.com/advisories/32255 http://secunia.com/advisories/32256 http://secunia.com/advisories/32371 http://secunia.com/advisories/33178 http://secunia.com/advisories/35074 https://usn.ubuntu.com/651-1/ http://www.vupen.com/english/advisories/2008/2334 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: ruby-webrick-dos(44371) https://exchange.xforce.ibmcloud.com/vulnerabilities/44371
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.