Test ID:	1.3.6.1.4.1.25623.1.0.60261
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDVSA-2008:029 (ruby)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ruby announced via advisory MDVSA-2008:029. Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN (common name) attribute in SSL certificates against the server's hostname. The updated packages have been patched to prevent the issue. Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2008:029 Risk factor : High CVSS Score: 6.9
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5162 BugTraq ID: 32447 http://www.securityfocus.com/bid/32447 FreeBSD Security Advisory: FreeBSD-SA-08:11 http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc http://osvdb.org/50137 http://securitytracker.com/id?1021276 http://secunia.com/advisories/32871 Common Vulnerability Exposure (CVE) ID: CVE-2007-5770 1018938 http://www.securitytracker.com/id?1018938 26421 http://www.securityfocus.com/bid/26421 26985 http://secunia.com/advisories/26985 27576 http://secunia.com/advisories/27576 27673 http://secunia.com/advisories/27673 27756 http://secunia.com/advisories/27756 27764 http://secunia.com/advisories/27764 27769 http://secunia.com/advisories/27769 27818 http://secunia.com/advisories/27818 28136 http://secunia.com/advisories/28136 28645 http://secunia.com/advisories/28645 29556 http://secunia.com/advisories/29556 ADV-2007-4238 http://www.vupen.com/english/advisories/2007/4238 APPLE-SA-2007-12-17 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html DSA-1410 http://www.debian.org/security/2007/dsa-1410 DSA-1411 http://www.debian.org/security/2007/dsa-1411 DSA-1412 http://www.debian.org/security/2007/dsa-1412 MDVSA-2008:029 http://www.mandriva.com/security/advisories?name=MDVSA-2008:029 RHSA-2007:0961 http://www.redhat.com/support/errata/RHSA-2007-0961.html RHSA-2007:0965 http://www.redhat.com/support/errata/RHSA-2007-0965.html SUSE-SR:2007:024 http://www.novell.com/linux/security/advisories/2007_24_sr.html TA07-352A http://www.us-cert.gov/cas/techalerts/TA07-352A.html USN-596-1 http://www.ubuntu.com/usn/usn-596-1 http://docs.info.apple.com/article.html?artnum=307179 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656 https://bugzilla.redhat.com/show_bug.cgi?id=362081 oval:org.mitre.oval:def:11025 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11025
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.