ID de Prueba:	1.3.6.1.4.1.25623.1.0.840923
Categoría:	Ubuntu Local Security Checks
Título:	Ubuntu Update for ruby1.8 USN-1377-1
Resumen:	Ubuntu Update for Linux kernel vulnerabilities USN-1377-1
Descripción:	Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1377-1 Vulnerability Insight: Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. (CVE-2010-0541) Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. (CVE-2011-0188) Nicholas Jefferson discovered that the FileUtils.remove_entry_secure method in Ruby did not properly remove non-empty directories. An attacker could use this flaw to possibly delete arbitrary files. (CVE-2011-1004) It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. (CVE-2011-1005) Eric Wong discovered that Ruby does not properly reseed its pseudorandom number generator when creating child processes. An attacker could use this flaw to gain knowledge of the random numbers used in other Ruby child processes. (CVE-2011-2686) Eric Wong discovered that the SecureRandom module in Ruby did not properly seed its pseudorandom number generator. An attacker could use this flaw to gain knowledge of the random numbers used by another Ruby process with the same process ID number. (CVE-2011-2705) Alexander Klink and Julian Walde discovered that Ruby computed hash values without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by crafting values used in hash tables. (CVE-2011-4815) Affected Software/OS: ruby1.8 on Ubuntu 11.04, Ubuntu 10.10, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0541 http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html BugTraq ID: 40871 http://www.securityfocus.com/bid/40871 BugTraq ID: 40895 http://www.securityfocus.com/bid/40895 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://secunia.com/advisories/40220 http://www.vupen.com/english/advisories/2010/1481 Common Vulnerability Exposure (CVE) ID: CVE-2011-0188 http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html http://www.redhat.com/support/errata/RHSA-2011-0910.html http://www.securitytracker.com/id?1025236 Common Vulnerability Exposure (CVE) ID: CVE-2011-1004 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html BugTraq ID: 46460 http://www.securityfocus.com/bid/46460 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054422.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054436.html http://www.openwall.com/lists/oss-security/2011/02/21/2 http://www.openwall.com/lists/oss-security/2011/02/21/5 http://osvdb.org/70958 http://secunia.com/advisories/43434 http://secunia.com/advisories/43573 http://www.vupen.com/english/advisories/2011/0539 Common Vulnerability Exposure (CVE) ID: CVE-2011-1005 BugTraq ID: 46458 http://www.securityfocus.com/bid/46458 http://osvdb.org/70957 http://secunia.com/advisories/43420 Common Vulnerability Exposure (CVE) ID: CVE-2011-2686 BugTraq ID: 49015 http://www.securityfocus.com/bid/49015 http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html http://www.openwall.com/lists/oss-security/2011/07/11/1 http://www.openwall.com/lists/oss-security/2011/07/12/14 http://www.openwall.com/lists/oss-security/2011/07/20/1 http://www.openwall.com/lists/oss-security/2011/07/20/16 XForce ISS Database: ruby-random-number-dos(69032) https://exchange.xforce.ibmcloud.com/vulnerabilities/69032 Common Vulnerability Exposure (CVE) ID: CVE-2011-2705 http://www.redhat.com/support/errata/RHSA-2011-1581.html Common Vulnerability Exposure (CVE) ID: CVE-2011-4815 Bugtraq: 20111228 n.runs-SA-2011.004 - web programming languages and platforms - DoS through hash table (Google Search) http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html CERT/CC vulnerability note: VU#903934 http://www.kb.cert.org/vuls/id/903934 http://jvn.jp/en/jp/JVN90615481/index.html http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000066.html http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606 RedHat Security Advisories: RHSA-2012:0069 http://rhn.redhat.com/errata/RHSA-2012-0069.html RedHat Security Advisories: RHSA-2012:0070 http://rhn.redhat.com/errata/RHSA-2012-0070.html http://www.securitytracker.com/id?1026474 http://secunia.com/advisories/47405 http://secunia.com/advisories/47822 XForce ISS Database: ruby-hash-dos(72020) https://exchange.xforce.ibmcloud.com/vulnerabilities/72020
Copyright	Copyright (c) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.