FreeBSD : ruby -- multiple vulnerabilities in safe level (c329712a-6b5b-11dd-9d79-001fc61c2a55)
High Nessus Plugin ID 33906
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The official Ruby site reports:
Several vulnerabilities in safe level have been discovered:
- untrace_var is permitted at safe level 4;
- $PROGRAM_NAME may be modified at safe level 4;
- insecure methods may be called at safe level 1-3;
- syslog operations are permitted at safe level 4;
- dl doesn't check taintness, so it could allow attackers to call dangerous functions.
Solution
Update the affected packages.