Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:193 (ruby)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.64536

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:193 (ruby)

Resumen: The remote host is missing an update to ruby;announced via advisory MDVSA-2009:193.

Descripción: Summary:
The remote host is missing an update to ruby
announced via advisory MDVSA-2009:193.

Vulnerability Insight:
ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check
the return value from the OCSP_basic_verify function, which might allow
remote attackers to successfully present an invalid X.509 certificate,
possibly involving a revoked certificate.

This update corrects the problem, including for older ruby versions.

Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0642
BugTraq ID: 33769
http://www.securityfocus.com/bid/33769
http://www.mandriva.com/security/advisories?name=MDVSA-2009:193
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450
http://www.redhat.com/support/errata/RHSA-2009-1140.html
http://www.securitytracker.com/id?1022505
http://secunia.com/advisories/33750
http://secunia.com/advisories/35699
http://secunia.com/advisories/35937
http://www.ubuntu.com/usn/USN-805-1
XForce ISS Database: ruby-ocspbasicverify-spoofing(48761)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48761

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.64536
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:193 (ruby)
Resumen:	The remote host is missing an update to ruby;announced via advisory MDVSA-2009:193.
Descripción:	Summary: The remote host is missing an update to ruby announced via advisory MDVSA-2009:193. Vulnerability Insight: ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. This update corrects the problem, including for older ruby versions. Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0642 BugTraq ID: 33769 http://www.securityfocus.com/bid/33769 http://www.mandriva.com/security/advisories?name=MDVSA-2009:193 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513528 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11450 http://www.redhat.com/support/errata/RHSA-2009-1140.html http://www.securitytracker.com/id?1022505 http://secunia.com/advisories/33750 http://secunia.com/advisories/35699 http://secunia.com/advisories/35937 http://www.ubuntu.com/usn/USN-805-1 XForce ISS Database: ruby-ocspbasicverify-spoofing(48761) https://exchange.xforce.ibmcloud.com/vulnerabilities/48761
Copyright	Copyright (C) 2009 E-Soft Inc.