French Security Incident Response Team

Fedora Security Update Fixes Ruby Net::HTTPS Security Bypass Issue


Title : Fedora Security Update Fixes Ruby Net::HTTPS Security Bypass Issue
Advisory ID : FrSIRT/ADV-2007-3763
CVE ID : CVE-2007-5162
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-07

Advisory Details

 
Technical Description

A vulnerability has been identified in Fedora, which could be exploited to conduct spoofing attacks [...]

Solution

Upgrade the affected packages.


ChangeLog

2007-11-07 : Initial release

Copyright 2003-2008 © FrSIRT.COM - Privacy Policy