Test ID:	1.3.6.1.4.1.25623.1.1.1.2.2015.215
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DLA-215-1)
Summary:	The remote host is missing an update for the Debian 'libjson-ruby' package(s) announced via the DLA-215-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'libjson-ruby' package(s) announced via the DLA-215-1 advisory. Vulnerability Insight: The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka 'Unsafe Object Creation Vulnerability.' For Debian 6 Squeeze, this issue has been fixed in libjson-ruby version 1.1.9-1+deb6u1. Affected Software/OS: 'libjson-ruby' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0269 52075 http://secunia.com/advisories/52075 52774 http://secunia.com/advisories/52774 52902 http://secunia.com/advisories/52902 57899 http://www.securityfocus.com/bid/57899 90074 http://www.osvdb.org/90074 APPLE-SA-2013-10-22-5 http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html RHSA-2013:0686 http://rhn.redhat.com/errata/RHSA-2013-0686.html RHSA-2013:0701 http://rhn.redhat.com/errata/RHSA-2013-0701.html RHSA-2013:1028 http://rhn.redhat.com/errata/RHSA-2013-1028.html RHSA-2013:1147 http://rhn.redhat.com/errata/RHSA-2013-1147.html SSA:2013-075-01 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.426862 SUSE-SU-2013:0609 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00001.html SUSE-SU-2013:0647 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00015.html USN-1733-1 http://www.ubuntu.com/usn/USN-1733-1 [oss-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] http://www.openwall.com/lists/oss-security/2013/02/11/7 [oss-security] 20130211 Patch update for [CVE-2013-0269] http://www.openwall.com/lists/oss-security/2013/02/11/8 [rubyonrails-security] 20130211 Denial of Service and Unsafe Object Creation Vulnerability in JSON [CVE-2013-0269] https://groups.google.com/group/rubyonrails-security/msg/d8e0db6e08c81428?dmode=source&output=gplain http://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/ http://www.zweitag.de/en/blog/ruby-on-rails-vulnerable-to-mass-assignment-and-sql-injection https://puppet.com/security/cve/cve-2013-0269 json-ruby-security-bypass(82010) https://exchange.xforce.ibmcloud.com/vulnerabilities/82010 openSUSE-SU-2013:0603 http://lists.opensuse.org/opensuse-updates/2013-04/msg00034.html
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.