FreeBSD : Ruby -- OpenSSL Hostname Verification Vulnerability (d4379f59-3e9b-49eb-933b-61de4d0b0fdb)

High Nessus Plugin ID 82753


The remote FreeBSD host is missing one or more security-related updates.


Ruby Developers report:

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates.

Ruby's OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no longer allowed. As well, comparison of these values is now case-insensitive.


Update the affected packages.

Plugin Details

Severity: High

ID: 82753

File Name: freebsd_pkg_d4379f593e9b49eb933b61de4d0b0fdb.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2015/04/14

Modified: 2016/05/26

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ruby, p-cpe:/a:freebsd:freebsd:ruby20, p-cpe:/a:freebsd:freebsd:ruby21, p-cpe:/a:freebsd:freebsd:ruby22, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/04/14

Vulnerability Publication Date: 2015/04/13

Reference Information

CVE: CVE-2015-1855