Test ID: 1.3.6.1.4.1.25623.1.0.61773
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1651-1 (ruby1.8)
Summary: Debian Security Advisory DSA 1651-1 (ruby1.8)
Description: The remote host is missing an update to ruby1.8
announced via advisory DSA 1651-1.

Several vulnerabilities have been discovered in the interpreter for
the Ruby language, which may lead to denial of service and other
security problems. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2008-3655

Keita Yamaguchi discovered that several safe level restrictions
are insufficiently enforced.

CVE-2008-3656

Christian Neukirchen discovered that the WEBrick module uses
inefficient algorithms for HTTP header splitting, resulting in
denial of service through resource exhaustion.

CVE-2008-3657

It was discovered that the dl module doesn't perform taint
checks.

CVE-2008-3790

Luka Treiber and Mitja Kolsek discovered that recursively nested
XML entities can lead to denial of service through resource
exhaustion in rexml.

CVE-2008-3905

Tanaka Akira discovered that the resolv module uses sequential
transaction IDs and a fixed source port for DNS queries, which
makes it more vulnerable to DNS spoofing attacks.

For the stable distribution (etch), these problems have been fixed in
version 1.8.5-4etch3. Packages for arm will be provided later.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.7.72-1.

We recommend that you upgrade your ruby1.8 packages.

Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%201651-1

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2008-3655
Bugtraq: 20080831 rPSA-2008-0264-1 ruby
http://www.securityfocus.com/archive/1/archive/1/495884/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Debian Security Information: DSA-1651
http://www.debian.org/security/2008/dsa-1651
Debian Security Information: DSA-1652
http://www.debian.org/security/2008/dsa-1652
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html
http://security.gentoo.org/glsa/glsa-200812-17.xml
http://www.redhat.com/support/errata/RHSA-2008-0895.html
http://www.redhat.com/support/errata/RHSA-2008-0897.html
http://www.ubuntulinux.org/support/documentation/usn/usn-651-1
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 30644
http://www.securityfocus.com/bid/30644
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11602
http://secunia.com/advisories/35074
http://www.vupen.com/english/advisories/2008/2334
http://www.securitytracker.com/id?1020656
http://secunia.com/advisories/31697
http://secunia.com/advisories/32255
http://secunia.com/advisories/32256
http://secunia.com/advisories/33178
http://secunia.com/advisories/31430
http://secunia.com/advisories/32165
http://secunia.com/advisories/32219
http://secunia.com/advisories/32371
http://secunia.com/advisories/32372
http://www.vupen.com/english/advisories/2009/1297
XForce ISS Database: ruby-safelevel-security-bypass(44369)
http://xforce.iss.net/xforce/xfdb/44369
Common Vulnerability Exposure (CVE) ID: CVE-2008-3656
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9682
http://www.securitytracker.com/id?1020654
XForce ISS Database: ruby-webrick-dos(44371)
http://xforce.iss.net/xforce/xfdb/44371
Common Vulnerability Exposure (CVE) ID: CVE-2008-3657
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9793
http://www.securitytracker.com/id?1020652
XForce ISS Database: ruby-dl-security-bypass(44372)
http://xforce.iss.net/xforce/xfdb/44372
Common Vulnerability Exposure (CVE) ID: CVE-2008-3790
http://www.openwall.com/lists/oss-security/2008/08/25/4
http://www.openwall.com/lists/oss-security/2008/08/26/1
http://www.openwall.com/lists/oss-security/2008/08/26/4
http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca
http://www.ubuntulinux.org/support/documentation/usn/usn-691-1
BugTraq ID: 30802
http://www.securityfocus.com/bid/30802
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10393
http://www.vupen.com/english/advisories/2008/2483
http://www.vupen.com/english/advisories/2008/2428
http://www.securitytracker.com/id?1020735
http://secunia.com/advisories/31602
http://secunia.com/advisories/33185
XForce ISS Database: ruby-rexml-dos(44628)
http://xforce.iss.net/xforce/xfdb/44628
Common Vulnerability Exposure (CVE) ID: CVE-2008-3905
http://www.openwall.com/lists/oss-security/2008/09/03/3
http://www.openwall.com/lists/oss-security/2008/09/04/9
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754
BugTraq ID: 31699
http://www.securityfocus.com/bid/31699
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10034
http://secunia.com/advisories/32948
XForce ISS Database: ruby-resolv-dns-spoofing(45935)
http://xforce.iss.net/xforce/xfdb/45935
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
