Test ID: 1.3.6.1.4.1.25623.1.0.66602
Category: Gentoo Local Security Checks
Title: Gentoo Security Advisory GLSA 200912-02 (rails)
Summary: NOSUMMARY
Description:
The remote host is missing updates announced in
advisory GLSA 200912-02.

Multiple vulnerabilities have been discovered in Rails, the worst of which
leads to the execution of arbitrary SQL statements.

Solution:
All Ruby on Rails 2.3.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/rails-2.3.5'

All Ruby on Rails 2.2.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '=dev-ruby/rails-2.2.3-r1'

NOTE: All applications using Ruby on Rails should also be configured to
use the latest version available by running 'rake rails:update' inside
the application directory.

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200912-02
http://bugs.gentoo.org/show_bug.cgi?id=200159
http://bugs.gentoo.org/show_bug.cgi?id=237385
http://bugs.gentoo.org/show_bug.cgi?id=247549
http://bugs.gentoo.org/show_bug.cgi?id=276279
http://bugs.gentoo.org/show_bug.cgi?id=283396
http://bugs.gentoo.org/show_bug.cgi?id=294797
http://www.gentoo.org/security/en/glsa/glsa-200711-17.xml

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5380
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
BugTraq ID: 26096
http://www.securityfocus.com/bid/26096
Cert/CC Advisory: TA07-352A
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://security.gentoo.org/glsa/glsa-200711-17.xml
http://secunia.com/advisories/27657
http://secunia.com/advisories/27965
http://secunia.com/advisories/28136
SuSE Security Announcement: SUSE-SR:2007:025
http://www.novell.com/linux/security/advisories/2007_25_sr.html
http://www.vupen.com/english/advisories/2007/3508
http://www.vupen.com/english/advisories/2007/4238
Common Vulnerability Exposure (CVE) ID: CVE-2007-6077
BugTraq ID: 26598
http://www.securityfocus.com/bid/26598
http://secunia.com/advisories/27781
http://www.vupen.com/english/advisories/2007/4009
Common Vulnerability Exposure (CVE) ID: CVE-2008-4094
BugTraq ID: 31176
http://www.securityfocus.com/bid/31176
http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
http://www.rorsecurity.info/2008/09/08/sql-injection-issue-in-limit-and-offset-parameter/
http://www.openwall.com/lists/oss-security/2008/09/13/2
http://www.openwall.com/lists/oss-security/2008/09/16/1
http://www.securitytracker.com/id?1020871
http://secunia.com/advisories/31875
http://secunia.com/advisories/31909
http://secunia.com/advisories/31910
SuSE Security Announcement: SUSE-SR:2008:027
http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00002.html
http://www.vupen.com/english/advisories/2008/2562
XForce ISS Database: rubyonrails-activerecord-sql-injection(45109)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45109
Common Vulnerability Exposure (CVE) ID: CVE-2008-7248
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/d741ee286e36e301?hl=en
http://pseudo-flaw.net/content/web-browsers/form-data-encoding-roundup/
http://www.rorsecurity.info/journal/2008/11/19/circumvent-rails-csrf-protection.html
http://www.openwall.com/lists/oss-security/2009/11/28/1
http://www.openwall.com/lists/oss-security/2009/12/02/2
http://secunia.com/advisories/36600
http://secunia.com/advisories/38915
SuSE Security Announcement: SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://www.vupen.com/english/advisories/2009/2544
Common Vulnerability Exposure (CVE) ID: CVE-2009-2422
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 35579
http://www.securityfocus.com/bid/35579
http://n8.tumblr.com/post/117477059/security-hole-found-in-rails-2-3s
http://secunia.com/advisories/35702
http://www.vupen.com/english/advisories/2009/1802
XForce ISS Database: rubyonrails-validatedigest-sec-bypass(51528)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51528
Common Vulnerability Exposure (CVE) ID: CVE-2009-3009
BugTraq ID: 36278
http://www.securityfocus.com/bid/36278
Debian Security Information: DSA-1887
http://www.debian.org/security/2009/dsa-1887
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source
http://www.osvdb.org/57666
http://securitytracker.com/id?1022824
http://secunia.com/advisories/36717
SuSE Security Announcement: SUSE-SR:2009:017
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html
XForce ISS Database: rubyonrails-unicode-xss(53036)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53036
Common Vulnerability Exposure (CVE) ID: CVE-2009-3086
BugTraq ID: 37427
http://www.securityfocus.com/bid/37427
Debian Security Information: DSA-2260
http://www.debian.org/security/2011/dsa-2260
Common Vulnerability Exposure (CVE) ID: CVE-2009-4214
BugTraq ID: 37142
http://www.securityfocus.com/bid/37142
Debian Security Information: DSA-2301
http://www.debian.org/security/2011/dsa-2301
http://www.openwall.com/lists/oss-security/2009/11/27/2
http://www.openwall.com/lists/oss-security/2009/12/08/3
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
http://www.securitytracker.com/id?1023245
http://secunia.com/advisories/37446
http://www.vupen.com/english/advisories/2009/3352
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.