ID de Prueba:	1.3.6.1.4.1.25623.1.0.122548
Categoría:	Oracle Linux Local Security Checks
Título:	Oracle: Security Advisory (ELSA-2008-0897)
Resumen:	The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2008-0897 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ruby' package(s) announced via the ELSA-2008-0897 advisory. Vulnerability Insight: [1.8.5-5.el5_2.5] - Build with -fno-strict-aliasing. [1.8.5-5.el5_2.4] - security fixes. (#461590) - CVE-2008-3655: multiple insufficient safe mode restrictions. - CVE-2008-3656: WEBrick DoS vulnerability (CPU consumption). - CVE-2008-3657: missing taintness checks in dl module. - CVE-2008-3905: use of predictable source port and transaction id in DNS requests done by resolv.rb module. - CVE-2008-3443: Memory allocation failure in Ruby regex engine (remotely exploitable DoS). - CVE-2008-3790: DoS vulnerability in the REXML module. Affected Software/OS: 'ruby' package(s) on Oracle Linux 4, Oracle Linux 5. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1145 1019562 http://www.securitytracker.com/id?1019562 20080306 Re: [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability http://www.securityfocus.com/archive/1/489218/100/0/threaded 20080306 [DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability http://www.securityfocus.com/archive/1/489205/100/0/threaded 20080325 rPSA-2008-0123-1 ruby http://www.securityfocus.com/archive/1/490056/100/0/threaded 28123 http://www.securityfocus.com/bid/28123 29232 http://secunia.com/advisories/29232 29357 http://secunia.com/advisories/29357 29536 http://secunia.com/advisories/29536 30802 http://secunia.com/advisories/30802 31687 http://secunia.com/advisories/31687 32371 http://secunia.com/advisories/32371 5215 https://www.exploit-db.com/exploits/5215 ADV-2008-0787 http://www.vupen.com/english/advisories/2008/0787 ADV-2008-1981 http://www.vupen.com/english/advisories/2008/1981/references APPLE-SA-2008-06-30 http://lists.apple.com/archives/security-announce/2008//Jun/msg00002.html FEDORA-2008-2443 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00338.html FEDORA-2008-2458 https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00354.html MDVSA-2008:141 http://www.mandriva.com/security/advisories?name=MDVSA-2008:141 MDVSA-2008:142 http://www.mandriva.com/security/advisories?name=MDVSA-2008:142 RHSA-2008:0897 http://www.redhat.com/support/errata/RHSA-2008-0897.html SUSE-SR:2008:017 http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html VU#404515 http://www.kb.cert.org/vuls/id/404515 http://support.apple.com/kb/HT2163 http://wiki.rpath.com/Advisories:rPSA-2008-0123 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0123 http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ https://issues.rpath.com/browse/RPL-2338 oval:org.mitre.oval:def:10937 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10937 ruby-webrick-directory-traversal(41010) https://exchange.xforce.ibmcloud.com/vulnerabilities/41010 Common Vulnerability Exposure (CVE) ID: CVE-2008-3443 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html BugTraq ID: 30682 http://www.securityfocus.com/bid/30682 Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1695 (Google Search) http://www.debian.org/security/2009/dsa-1695 https://www.exploit-db.com/exploits/6239 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00299.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00259.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9570 http://www.redhat.com/support/errata/RHSA-2008-0895.html http://www.securitytracker.com/id?1021075 http://secunia.com/advisories/31430 http://secunia.com/advisories/32165 http://secunia.com/advisories/32219 http://secunia.com/advisories/32372 http://secunia.com/advisories/33185 http://secunia.com/advisories/33398 http://secunia.com/advisories/35074 http://securityreason.com/securityalert/4158 https://usn.ubuntu.com/651-1/ https://usn.ubuntu.com/691-1/ http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: ruby-regex-dos(44688) https://exchange.xforce.ibmcloud.com/vulnerabilities/44688 Common Vulnerability Exposure (CVE) ID: CVE-2008-3655 BugTraq ID: 30644 http://www.securityfocus.com/bid/30644 Bugtraq: 20080831 rPSA-2008-0264-1 ruby (Google Search) http://www.securityfocus.com/archive/1/495884/100/0/threaded Debian Security Information: DSA-1651 (Google Search) http://www.debian.org/security/2008/dsa-1651 Debian Security Information: DSA-1652 (Google Search) http://www.debian.org/security/2008/dsa-1652 http://security.gentoo.org/glsa/glsa-200812-17.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11602 http://www.securitytracker.com/id?1020656 http://secunia.com/advisories/31697 http://secunia.com/advisories/32255 http://secunia.com/advisories/32256 http://secunia.com/advisories/33178 http://www.vupen.com/english/advisories/2008/2334 XForce ISS Database: ruby-safelevel-security-bypass(44369) https://exchange.xforce.ibmcloud.com/vulnerabilities/44369 Common Vulnerability Exposure (CVE) ID: CVE-2008-3656 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9682 http://www.securitytracker.com/id?1020654 XForce ISS Database: ruby-webrick-dos(44371) https://exchange.xforce.ibmcloud.com/vulnerabilities/44371 Common Vulnerability Exposure (CVE) ID: CVE-2008-3657 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9793 http://www.securitytracker.com/id?1020652 XForce ISS Database: ruby-dl-security-bypass(44372) https://exchange.xforce.ibmcloud.com/vulnerabilities/44372 Common Vulnerability Exposure (CVE) ID: CVE-2008-3790 BugTraq ID: 30802 http://www.securityfocus.com/bid/30802 http://groups.google.com/group/comp.lang.ruby/browse_thread/thread/19f69e8a081fc0d1/e138e014b74352ca http://www.openwall.com/lists/oss-security/2008/08/25/4 http://www.openwall.com/lists/oss-security/2008/08/26/1 http://www.openwall.com/lists/oss-security/2008/08/26/4 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10393 http://www.securitytracker.com/id?1020735 http://secunia.com/advisories/31602 http://www.vupen.com/english/advisories/2008/2428 http://www.vupen.com/english/advisories/2008/2483 XForce ISS Database: ruby-rexml-dos(44628) https://exchange.xforce.ibmcloud.com/vulnerabilities/44628 Common Vulnerability Exposure (CVE) ID: CVE-2008-3905 BugTraq ID: 31699 http://www.securityfocus.com/bid/31699 http://www.openwall.com/lists/oss-security/2008/09/03/3 http://www.openwall.com/lists/oss-security/2008/09/04/9 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10034 http://secunia.com/advisories/32948 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.371754 XForce ISS Database: ruby-resolv-dns-spoofing(45935) https://exchange.xforce.ibmcloud.com/vulnerabilities/45935
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.