Scientific Linux Security Update : ruby on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The Ruby DNS resolver library, resolv.rb, used predictable transaction
IDs and a fixed source port when sending DNS requests. A remote
attacker could use this flaw to spoof a malicious reply to a DNS
query. (CVE-2008-3905)

Ruby's XML document parsing module (REXML) was prone to a denial of
service attack via XML documents with large XML entity definitions
recursion. A specially-crafted XML file could cause a Ruby application
using the REXML module to use an excessive amount of CPU and memory.
(CVE-2008-3790)

An insufficient 'taintness' check flaw was discovered in Ruby's DL
module, which provides direct access to the C language functions. An
attacker could use this flaw to bypass intended safe-level
restrictions by calling external C functions with the arguments from
an untrusted tainted inputs. (CVE-2008-3657)

A denial of service flaw was discovered in WEBrick, Ruby's HTTP server
toolkit. A remote attacker could send a specially-crafted HTTP request
to a WEBrick server that would cause the server to use an excessive
amount of CPU time. (CVE-2008-3656)

A number of flaws were found in the safe-level restrictions in Ruby.
It was possible for an attacker to create a carefully crafted
malicious script that can allow the bypass of certain safe-level
restrictions. (CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression
engine. If a Ruby script tried to process a large amount of data via a
regular expression, it could cause Ruby to enter an infinite-loop and
crash. (CVE-2008-3443)

See also :

http://www.nessus.org/u?39d0eb63

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60485 ()

Bugtraq ID:

CVE ID: CVE-2008-3443
CVE-2008-3655
CVE-2008-3656
CVE-2008-3657
CVE-2008-3790
CVE-2008-3905