FreeBSD : ruby -- multiple vulnerabilities (afc60484-0652-440e-b01a-5ef814747f06)

high Nessus Plugin ID 118247

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 5.9

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Ruby news :

CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

An instance of OpenSSL::X509::Name contains entities such as CN, C and so on. Some two instances of OpenSSL::X509::Name are equal only when all entities are exactly equal. However, there is a bug that the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). So, if a malicious X.509 certificate is passed to compare with an existing certificate, there is a possibility to be judged incorrectly that they are equal.

CVE-2018-16396: Tainted flags are not propagated in Array#pack and String#unpack with some directives

Array#pack method converts the receiver's contents into a string with specified format. If the receiver contains some tainted objects, the returned string also should be tainted. String#unpack method which converts the receiver into an array also should propagate its tainted flag to the objects contained in the returned array. But, with B, b, H and h directives, the tainted flags are not propagated. So, if a script processes unreliable inputs by Array#pack and/or String#unpack with these directives and checks the reliability with tainted flags, the check might be wrong.

Solution

Update the affected packages.

See Also

https://www.ruby-lang.org/en/news/2018/10/17/ruby-2-5-2-released/

http://www.nessus.org/u?2cb277f6

http://www.nessus.org/u?4ea53be8

http://www.nessus.org/u?60c17970

Plugin Details

Severity: High

ID: 118247

File Name: freebsd_pkg_afc604840652440eb01a5ef814747f06.nasl

Version: 1.3

Type: local

Published: 10/22/2018

Updated: 12/19/2018

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*, p-cpe:2.3:a:freebsd:freebsd:ruby:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/20/2018

Vulnerability Publication Date: 10/17/2018

Reference Information

CVE: CVE-2018-16395, CVE-2018-16396