Lucene search
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.ALA_ALAS-2016-632.NASLHistoryJan 19, 2016 - 12:00 a.m.
Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)
2016-01-1900:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
8
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.3%
DL::dlopen could open a library with tainted library name even if $SAFE > 0.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-632.
#
include("compat.inc");
if (description)
{
script_id(87966);
script_version("2.4");
script_cvs_date("Date: 2018/04/18 15:09:35");
script_cve_id("CVE-2015-7551");
script_xref(name:"ALAS", value:"2016-632");
script_name(english:"Amazon Linux AMI : ruby19 / ruby20,ruby21,ruby22 (ALAS-2016-632)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"DL::dlopen could open a library with tainted library name even if
$SAFE > 0."
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2016-632.html"
);
script_set_attribute(
attribute:"solution",
value:
"Run 'yum update ruby19' to update your system.
Run 'yum update ruby20' to update your system.
Run 'yum update ruby21' to update your system.
Run 'yum update ruby22' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby19-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby20-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby21-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ruby22-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-minitest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-rake");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem19-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem20-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem21-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygem22-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems19");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems19-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems20");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems20-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems21");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems21-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems22");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rubygems22-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"ruby19-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby19-debuginfo-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby19-devel-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby19-doc-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby19-irb-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby19-libs-1.9.3.551-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-debuginfo-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-devel-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-doc-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-irb-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby20-libs-2.0.0.648-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-debuginfo-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-devel-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-doc-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-irb-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby21-libs-2.1.8-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-debuginfo-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-devel-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-doc-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-irb-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"ruby22-libs-2.2.4-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-bigdecimal-1.1.0-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-io-console-0.3-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-json-1.5.5-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-minitest-2.5.1-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-rake-0.9.2.2-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem19-rdoc-3.9.5-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-bigdecimal-1.2.0-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-io-console-0.4.2-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem20-psych-2.0.0-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-bigdecimal-1.2.4-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-io-console-0.4.3-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem21-psych-2.0.5-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-bigdecimal-1.2.6-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-io-console-0.4.3-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygem22-psych-2.0.8-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems19-1.8.23.2-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems19-devel-1.8.23.2-32.70.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems20-2.0.14.1-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems20-devel-2.0.14.1-1.29.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems21-2.2.5-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems21-devel-2.2.5-1.19.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems22-2.4.5.1-1.8.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"rubygems22-devel-2.4.5.1-1.8.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby19 / ruby19-debuginfo / ruby19-devel / ruby19-doc / ruby19-irb / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | ruby19 | p-cpe:/a:amazon:linux:ruby19 |
| amazon | linux | ruby19-debuginfo | p-cpe:/a:amazon:linux:ruby19-debuginfo |
| amazon | linux | ruby19-devel | p-cpe:/a:amazon:linux:ruby19-devel |
| amazon | linux | ruby19-doc | p-cpe:/a:amazon:linux:ruby19-doc |
| amazon | linux | ruby19-irb | p-cpe:/a:amazon:linux:ruby19-irb |
| amazon | linux | ruby19-libs | p-cpe:/a:amazon:linux:ruby19-libs |
| amazon | linux | ruby20 | p-cpe:/a:amazon:linux:ruby20 |
| amazon | linux | ruby20-debuginfo | p-cpe:/a:amazon:linux:ruby20-debuginfo |
| amazon | linux | ruby20-devel | p-cpe:/a:amazon:linux:ruby20-devel |
| amazon | linux | ruby20-doc | p-cpe:/a:amazon:linux:ruby20-doc |
Related
veracode
veracode
Arbitrary Code Execution
2019-05-16 02:49:48
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-632)
2016-01-20 00:00:00
openSUSE: Security Advisory for ruby2.2 (openSUSE-SU-2017:0933-1)
2017-04-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0948-1)
2021-06-09 00:00:00
amazon
amazon
Low: ruby19, ruby20, ruby21, ruby22
2016-01-18 11:00:00
nessus
nessus
SUSE SLES11 Security Update : ruby (SUSE-SU-2017:0948-1)
2017-04-07 00:00:00
Fedora 22 : ruby-2.2.4-47.fc22 (2015-c4409eb73a)
2016-03-04 00:00:00
openSUSE Security Update : ruby2.2 / ruby2.3 (openSUSE-2017-435)
2017-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2009-5147
2017-03-29 00:00:00
CVE-2015-7551
2016-03-23 00:00:00
nvd
nvd
CVE-2015-7551
2016-03-24 01:59:03
mageia
mageia
Updated ruby packages fix security vulnerability
2016-01-12 12:13:53
suse
suse
Security update for ruby2.2, ruby2.3 (important)
2017-04-05 15:08:17
Security update for ruby2.1 (important)
2017-04-28 18:11:28
Security update for ruby2.1 (important)
2017-04-20 12:08:57
prion
prion
Design/Logic Flaw
2016-03-24 01:59:00
cve
cve
CVE-2015-7551
2016-03-24 01:59:03
freebsd
freebsd
Ruby -- unsafe tainted string vulnerability
2015-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: ruby-2.2.4-47.fc23
2015-12-29 22:26:04
[SECURITY] Fedora 22 Update: ruby-2.2.4-47.fc22
2016-01-08 03:36:39
cvelist
cvelist
CVE-2015-7551
2016-03-24 01:00:00
archlinux
archlinux
ruby: unsafe tainted string usage
2015-12-17 00:00:00
ubuntu
ubuntu
Ruby vulnerabilities
2017-07-25 00:00:00
redhat
redhat
apple
apple
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
8.4 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
71.3%
Related for ALA_ALAS-2016-632.NASL