FreeBSD : ruby-gems -- Algorithmic Complexity Vulnerability (742eb9e4-e3cb-4f5a-b94e-0e9a39420600)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote FreeBSD host is missing one or more security-related

Description :

Ruby Gem developers report :

The patch for CVE-2013-4363 was insufficiently verified so the
combined regular expression for verifying gem version remains
vulnerable following CVE-2013-4363.

RubyGems validates versions with a regular expression that is
vulnerable to denial of service due to backtracking. For specially
crafted RubyGems versions, attackers can cause denial of service
through CPU consumption.

See also :

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 71071

Bugtraq ID:

CVE ID: CVE-2013-4363
