home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / redhat-RHSA-2004-635.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  3KB  |  96 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. #
5. # The text of this plugin is (C) Red Hat Inc.
6.  
7. if ( ! defined_func("bn_random") ) exit(0);
8. if(description)
9. {
10.  script_id(15945);
11.  script_version ("$Revision: 1.1 $");
12.  script_cve_id("CAN-2004-0983");
13.  
14.  name["english"] = "RHSA-2004-635: irb";
15.  
16.  script_name(english:name["english"]);
17.  
18.  desc["english"] = '
19.                                                                                
20.   An updated ruby package that fixes a denial of service issue for the CGI     
21.   instance is now available.                                                   
22.                                                                                
23.   Ruby is an interpreted scripting language for object-oriented programming.   
24.                                                                                
25.   A flaw was dicovered in the CGI module of Ruby. If empty data is sent by     
26.   the POST method to the CGI script which requires MIME type                   
27.   multipart/form-data, it can get stuck in a loop. A remote attacker could     
28.   trigger this flaw and cause a denial of service. The Common                  
29.   Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name  
30.   CAN-2004-0983 to this issue.                                                 
31.                                                                                
32.   Users are advised to upgrade to this erratum package, which contains a       
33.   backported patch to cgi.rb.                                                  
34.                                                                                
35.                                                                                
36.  
37.  
38. Solution : http://rhn.redhat.com/errata/RHSA-2004-635.html
39. Risk factor : High';
40.  
41.  script_description(english:desc["english"]);
42.  
43.  summary["english"] = "Check for the version of the irb packages";
44.  script_summary(english:summary["english"]);
45.  
46.  script_category(ACT_GATHER_INFO);
47.  
48.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
49.  family["english"] = "Red Hat Local Security Checks";
50.  script_family(english:family["english"]);
51.  
52.  script_dependencies("ssh_get_info.nasl");
53.  
54.  script_require_keys("Host/RedHat/rpm-list");
55.  exit(0);
56. }
57.  
58. include("rpm.inc");
59. if ( rpm_check( reference:"irb-1.6.4-2.AS21.1", release:"RHEL2.1") )
60. {
61.  security_hole(0);
62.  exit(0);
63. }
64. if ( rpm_check( reference:"ruby-1.6.4-2.AS21.1", release:"RHEL2.1") )
65. {
66.  security_hole(0);
67.  exit(0);
68. }
69. if ( rpm_check( reference:"ruby-devel-1.6.4-2.AS21.1", release:"RHEL2.1") )
70. {
71.  security_hole(0);
72.  exit(0);
73. }
74. if ( rpm_check( reference:"ruby-docs-1.6.4-2.AS21.1", release:"RHEL2.1") )
75. {
76.  security_hole(0);
77.  exit(0);
78. }
79. if ( rpm_check( reference:"ruby-libs-1.6.4-2.AS21.1", release:"RHEL2.1") )
80. {
81.  security_hole(0);
82.  exit(0);
83. }
84. if ( rpm_check( reference:"ruby-tcltk-1.6.4-2.AS21.1", release:"RHEL2.1") )
85. {
86.  security_hole(0);
87.  exit(0);
88. }
89.  
90. if ( rpm_exists(rpm:"irb-", release:"RHEL2.1") )
91. {
92.  set_kb_item(name:"CAN-2004-0983", value:TRUE);
93. }
94.  
95. set_kb_item(name:"RHSA-2004-635", value:TRUE);
96.