ID de Prueba:	1.3.6.1.4.1.25623.1.0.880866
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for ruby CESA-2009:1140 centos5 i386
Resumen:	The remote host is missing an update for the 'ruby'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the referenced advisory. Vulnerability Insight: Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way the Ruby POP module processed certain APOP authentication requests. By sending certain responses when the Ruby APOP module attempted to authenticate using APOP against a POP server, a remote attacker could, potentially, acquire certain portions of a user's authentication credentials. (CVE-2007-1558) It was discovered that Ruby did not properly check the return value when verifying X.509 certificates. This could, potentially, allow a remote attacker to present an invalid X.509 certificate, and have Ruby treat it as valid. (CVE-2009-0642) A flaw was found in the way Ruby converted BigDecimal objects to Float numbers. If an attacker were able to provide certain input for the BigDecimal object converter, they could crash an application using this class. (CVE-2009-1904) All Ruby users should upgrade to these updated packages, which contain backported patches to resolve these issues. Affected Software/OS: ruby on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1558 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html BugTraq ID: 23257 http://www.securityfocus.com/bid/23257 Bugtraq: 20070402 APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464477/30/0/threaded Bugtraq: 20070403 Re: APOP vulnerability (Google Search) http://www.securityfocus.com/archive/1/464569/100/0/threaded Bugtraq: 20070531 FLEA-2007-0023-1: firefox (Google Search) http://www.securityfocus.com/archive/1/470172/100/200/threaded Bugtraq: 20070615 rPSA-2007-0122-1 evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471455/100/0/threaded Bugtraq: 20070619 FLEA-2007-0026-1: evolution-data-server (Google Search) http://www.securityfocus.com/archive/1/471720/100/0/threaded Bugtraq: 20070620 FLEA-2007-0027-1: thunderbird (Google Search) http://www.securityfocus.com/archive/1/471842/100/0/threaded Cert/CC Advisory: TA07-151A http://www.us-cert.gov/cas/techalerts/TA07-151A.html Debian Security Information: DSA-1300 (Google Search) http://www.debian.org/security/2007/dsa-1300 Debian Security Information: DSA-1305 (Google Search) http://www.debian.org/security/2007/dsa-1305 http://security.gentoo.org/glsa/glsa-200706-06.xml HPdes Security Advisory: HPSBUX02153 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 HPdes Security Advisory: HPSBUX02156 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 HPdes Security Advisory: SSRT061181 HPdes Security Advisory: SSRT061236 http://www.mandriva.com/security/advisories?name=MDKSA-2007:105 http://www.mandriva.com/security/advisories?name=MDKSA-2007:107 http://www.mandriva.com/security/advisories?name=MDKSA-2007:113 http://www.mandriva.com/security/advisories?name=MDKSA-2007:119 http://www.mandriva.com/security/advisories?name=MDKSA-2007:131 http://mail.gnome.org/archives/balsa-list/2007-July/msg00000.html http://www.openwall.com/lists/oss-security/2009/08/15/1 http://www.openwall.com/lists/oss-security/2009/08/18/1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9782 http://www.redhat.com/support/errata/RHSA-2007-0344.html http://www.redhat.com/support/errata/RHSA-2007-0353.html http://www.redhat.com/support/errata/RHSA-2007-0385.html http://www.redhat.com/support/errata/RHSA-2007-0386.html http://www.redhat.com/support/errata/RHSA-2007-0401.html http://www.redhat.com/support/errata/RHSA-2007-0402.html http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.securitytracker.com/id?1018008 http://secunia.com/advisories/25353 http://secunia.com/advisories/25402 http://secunia.com/advisories/25476 http://secunia.com/advisories/25496 http://secunia.com/advisories/25529 http://secunia.com/advisories/25534 http://secunia.com/advisories/25546 http://secunia.com/advisories/25559 http://secunia.com/advisories/25664 http://secunia.com/advisories/25750 http://secunia.com/advisories/25798 http://secunia.com/advisories/25858 http://secunia.com/advisories/25894 http://secunia.com/advisories/26083 http://secunia.com/advisories/26415 http://secunia.com/advisories/35699 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.571857 SuSE Security Announcement: SUSE-SA:2007:036 (Google Search) http://www.novell.com/linux/security/advisories/2007_36_mozilla.html SuSE Security Announcement: SUSE-SR:2007:014 (Google Search) http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.trustix.org/errata/2007/0019/ http://www.trustix.org/errata/2007/0024/ http://www.ubuntu.com/usn/usn-469-1 http://www.ubuntu.com/usn/usn-520-1 http://www.vupen.com/english/advisories/2007/1466 http://www.vupen.com/english/advisories/2007/1467 http://www.vupen.com/english/advisories/2007/1468 http://www.vupen.com/english/advisories/2007/1480 http://www.vupen.com/english/advisories/2007/1939 http://www.vupen.com/english/advisories/2007/1994 http://www.vupen.com/english/advisories/2007/2788 http://www.vupen.com/english/advisories/2008/0082 Common Vulnerability Exposure (CVE) ID: CVE-2009-0642 BugTraq ID: 33769 http://www.securityfocus.com/bid/33769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:193 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450 http://www.securitytracker.com/id?1022505 http://secunia.com/advisories/33750 http://secunia.com/advisories/35937 http://www.ubuntu.com/usn/USN-805-1 XForce ISS Database: ruby-ocspbasicverify-spoofing(48761) https://exchange.xforce.ibmcloud.com/vulnerabilities/48761 Common Vulnerability Exposure (CVE) ID: CVE-2009-1904 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html BugTraq ID: 35278 http://www.securityfocus.com/bid/35278 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00731.html http://security.gentoo.org/glsa/glsa-200906-02.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:160 http://mail-index.netbsd.org/pkgsrc-changes/2009/06/10/msg024708.html http://groups.google.com/group/rubyonrails-security/msg/fad60751e2b9b4f6?dmode=source http://osvdb.org/55031 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9780 http://www.securitytracker.com/id?1022371 http://secunia.com/advisories/35399 http://secunia.com/advisories/35527 http://secunia.com/advisories/35593 http://secunia.com/advisories/37705 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.430805 http://www.vupen.com/english/advisories/2009/1563 XForce ISS Database: ruby-bigdecimal-dos(51032) https://exchange.xforce.ibmcloud.com/vulnerabilities/51032
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.