Oracle Linux 5 / 6 : ruby (ELSA-2013-1090)

medium Nessus Plugin ID 68976

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

From Red Hat Security Advisory 2013:1090:

Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073)

All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.

Solution

Update the affected ruby packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2013-July/003582.html

https://oss.oracle.com/pipermail/el-errata/2013-July/003583.html

Plugin Details

Severity: Medium

ID: 68976

File Name: oraclelinux_ELSA-2013-1090.nasl

Version: 1.12

Type: local

Agent: unix

Published: 7/19/2013

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:ruby, p-cpe:/a:oracle:linux:ruby-devel, p-cpe:/a:oracle:linux:ruby-docs, p-cpe:/a:oracle:linux:ruby-irb, p-cpe:/a:oracle:linux:ruby-libs, p-cpe:/a:oracle:linux:ruby-mode, p-cpe:/a:oracle:linux:ruby-rdoc, p-cpe:/a:oracle:linux:ruby-ri, p-cpe:/a:oracle:linux:ruby-static, p-cpe:/a:oracle:linux:ruby-tcltk, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2013

Vulnerability Publication Date: 8/17/2013

Reference Information

CVE: CVE-2013-4073

BID: 60843

RHSA: 2013:1090