Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.52831
Kategorie:Turbolinux Local Security Tests
Titel:Turbolinux TLSA-2005-15 (ruby)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to ruby
announced via advisory TLSA-2005-15.

Ruby is an interpreted scripting language designed to allow quick and
easy object-oriented programming. It has many features to process text
files and to perform system management tasks (as in Perl). It is simple,
straight-forward, and extensible.

Two issues have been discovered in Ruby:
- CGI::Session's FileStore implementations store session information
insecurely
- The CGI module in Ruby allows remote attackers to cause a denial of
service (excessive CPU consumption due to an infinite loop) via a
malformed HTTP request

The vulnerabilities may allow a local user to steal session information
and hijack sessions or allow a remote attacker to cause a denial of
service in the CGI module in Ruby.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-15

Risk factor : Medium

CVSS Score:
5.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0755
Debian Security Information: DSA-537 (Google Search)
http://www.debian.org/security/2004/dsa-537
http://www.gentoo.org/security/en/glsa/glsa-200409-08.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11128
http://secunia.com/advisories/12290/
XForce ISS Database: ruby-filestore-pstore-insecure-permission(16996)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16996
Common Vulnerability Exposure (CVE) ID: CVE-2004-0983
BugTraq ID: 11618
http://www.securityfocus.com/bid/11618
Debian Security Information: DSA-586 (Google Search)
http://www.debian.org/security/2004/dsa-586
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10268
http://www.redhat.com/support/errata/RHSA-2004-635.html
https://usn.ubuntu.com/20-1/
XForce ISS Database: ruby-cgi-dos(17985)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17985
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.