Detections
Analytics

FreeBSD : ruby -- multiple vulnerabilities (afc60484-0652-440e-b01a-5ef814747f06)

critical Nessus Plugin ID 118247

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Ruby news :

CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives

Array#pack method converts the receiver's contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.

Solution

Update the affected packages.

See Also

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/

http://www.nessus.org/u?2cb277f6

http://www.nessus.org/u?4ea53be8

http://www.nessus.org/u?60c17970

Plugin Details

Severity: Critical

ID: 118247

File Name: freebsd_pkg_afc604840652440eb01a5ef814747f06.nasl

Version: 1.4

Type: local

Published: 10/22/2018

Updated: 2/7/2022

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-16395

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ruby, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 10/20/2018

Vulnerability Publication Date: 10/17/2018

Reference Information

CVE: CVE-2018-16395, CVE-2018-16396