CentOS 4 / 5 : ruby (CESA-2008:0981)

High Nessus Plugin ID 35263

Synopsis

The remote CentOS host is missing one or more security updates.

Description

Updated ruby packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to do system management tasks.

Vincent Danen reported that Red Hat Security Advisory RHSA-2008:0897 did not properly address a denial of service flaw in WEBrick (the Ruby HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a remote attacker to send a specially crafted HTTP request to a WEBrick server that would cause the server to use excessive CPU time. The incomplete fix was assigned CVE-2008-4310; this update properly addresses the flaw.

All Ruby users should upgrade to these updated packages, which contain a correct patch that resolves this issue.

Solution

Update the affected ruby packages.
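A local check such as this plugin decides whether a host is still affected by comparing the packages in Host/CentOS/rpm-list against the fixed versions published in the advisory, using rpm's own version-ordering rules (segment-wise, numeric segments beating alphabetic ones, leftover segments winning). The Ruby script below is an added example that reproduces that check in miniature; it is not code from the Nessus plugin or from Red Hat. The sample rpm-list is constructed, and the fixed name-version-release strings in FIXED_NVRS are placeholders to be replaced with the exact ones listed in the advisory.

```ruby
# Added example, not code from the Nessus plugin or the Red Hat advisory.
# Reproduces the core of a local RPM-based check: parse the host's rpm-list,
# compare each installed ruby package against the fixed version from the
# advisory with rpm's version-ordering rules, and report what is still behind.
#
# ASSUMPTION: FIXED_NVRS below are illustrative placeholders, not copied from
# the advisory; substitute the exact name-version-release strings it lists.

ARCHES = %w[i386 i686 x86_64 noarch ia64 ppc ppc64 s390 s390x].freeze

# rpmvercmp: rpm's segment-wise version/release comparison. Epoch and the
# newer tilde rule are not needed for these packages and are omitted.
# Returns -1, 0 or 1 like <=>.
def rpmvercmp(a, b)
  return 0 if a == b
  seg_a = a.scan(/\d+|[A-Za-z]+/)
  seg_b = b.scan(/\d+|[A-Za-z]+/)
  seg_a.zip(seg_b).each do |x, y|
    return 1 if y.nil?                 # a has segments left over: a is newer
    num_x = x.match?(/\A\d+\z/)
    num_y = y.match?(/\A\d+\z/)
    c = if num_x && num_y
          x.to_i <=> y.to_i            # numeric segments compare as integers
        elsif num_x
          1                            # numeric segment beats alphabetic one
        elsif num_y
          -1
        else
          x <=> y                      # alphabetic segments compare lexically
        end
    return c unless c.zero?
  end
  seg_a.length <=> seg_b.length        # a ran out of segments first: a is older
end

# Split "name-version-release[.arch]" as found in an `rpm -qa` style list.
def parse_nvra(pkg)
  arch = nil
  if (m = pkg.match(/\.(#{ARCHES.join('|')})\z/))
    arch = m[1]
    pkg = pkg[0...m.begin(0)]
  end
  m = pkg.match(/\A(.+)-([^-]+)-([^-]+)\z/)
  raise ArgumentError, "not a name-version-release string: #{pkg}" unless m
  { name: m[1], version: m[2], release: m[3], arch: arch }
end

# Compare installed against fixed: version first, then release.
def evr_cmp(installed, fixed)
  c = rpmvercmp(installed[:version], fixed[:version])
  c.zero? ? rpmvercmp(installed[:release], fixed[:release]) : c
end

# Return the rpm-list entries whose package is covered by the advisory and
# whose installed version-release is older than the fixed one.
def missing_updates(rpm_list, fixed_nvrs)
  fixed = fixed_nvrs.map { |n| parse_nvra(n) }
                    .each_with_object({}) { |p, h| h[p[:name]] = p }
  rpm_list.map(&:strip).reject(&:empty?).select do |line|
    inst = parse_nvra(line)
    fix = fixed[inst[:name]]
    fix && evr_cmp(inst, fix) < 0
  end
end

# Constructed sample rpm-list for a CentOS 5 host (not captured from a real system).
SAMPLE_RPM_LIST = <<~LIST.lines
  ruby-1.8.5-5.el5_2.5.x86_64
  ruby-libs-1.8.5-5.el5_2.5.x86_64
  ruby-irb-1.8.5-5.el5_2.5.x86_64
  ruby-devel-1.8.5-5.el5_2.6.x86_64
  bash-3.2-24.el5.x86_64
LIST

# Placeholder fixed versions (assumption, see header comment).
FIXED_NVRS = %w[
  ruby-1.8.5-5.el5_2.6
  ruby-libs-1.8.5-5.el5_2.6
  ruby-irb-1.8.5-5.el5_2.6
  ruby-devel-1.8.5-5.el5_2.6
].freeze

if $PROGRAM_NAME == __FILE__
  # Reports the three ruby packages still at the pre-fix release; ruby-devel
  # (already at the fixed release) and bash (not in the advisory) are skipped.
  puts missing_updates(SAMPLE_RPM_LIST, FIXED_NVRS)
end
```

To run this against a real host, feed it the output of `rpm -qa 'ruby*'` in place of SAMPLE_RPM_LIST. The comparison deliberately ignores the epoch field, which these ruby packages do not carry; a general-purpose checker must compare epoch before version.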

See Also

http://www.nessus.org/u?b4bd6fdf

http://www.nessus.org/u?e0d57ad0

http://www.nessus.org/u?41933173

http://www.nessus.org/u?91279855

http://www.nessus.org/u?27a84009

Plugin Details

Severity: High

ID: 35263

File Name: centos_RHSA-2008-0981.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2008/12/26

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:centos:centos:irb, p-cpe:/a:centos:centos:ruby, p-cpe:/a:centos:centos:ruby-devel, p-cpe:/a:centos:centos:ruby-docs, p-cpe:/a:centos:centos:ruby-irb, p-cpe:/a:centos:centos:ruby-libs, p-cpe:/a:centos:centos:ruby-mode, p-cpe:/a:centos:centos:ruby-rdoc, p-cpe:/a:centos:centos:ruby-ri, p-cpe:/a:centos:centos:ruby-tcltk, cpe:/o:centos:centos:4, cpe:/o:centos:centos:5

Required KB Items: Host/local_checks_enabled, Host/CentOS/release, Host/CentOS/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/12/06

Reference Information

CVE: CVE-2008-3656, CVE-2008-4310

BID: 30644

RHSA: 2008:0981

CWE: 399