ID CVE-2013-4073
Summary The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
Vulnerable Configurations
  • Ruby-lang Ruby 1.8.6-26
    cpe:2.3:a:ruby-lang:ruby:1.8.6-26
  • ruby-lang Ruby 1.8.7
    cpe:2.3:a:ruby-lang:ruby:1.8.7
  • ruby-lang Ruby 1.8.7-p160
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p160
  • ruby-lang Ruby 1.8.7-p17
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p17
  • ruby-lang Ruby 1.8.7-p173
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p173
  • ruby-lang Ruby 1.8.7-p174
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p174
  • ruby-lang Ruby 1.8.7-p22
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p22
  • ruby-lang Ruby 1.8.7-p248
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p248
  • ruby-lang Ruby 1.8.7-p249
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p249
  • ruby-lang Ruby 1.8.7-p299
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p299
  • ruby-lang Ruby 1.8.7-p301
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p301
  • ruby-lang Ruby 1.8.7-p302
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p302
  • ruby-lang Ruby 1.8.7-p330
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p330
  • ruby-lang Ruby 1.8.7-p334
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p334
  • ruby-lang Ruby 1.8.7-p352
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p352
  • ruby-lang Ruby 1.8.7-p357
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p357
  • ruby-lang Ruby 1.8.7-p358
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p358
  • ruby-lang Ruby 1.8.7-p370
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p370
  • ruby-lang Ruby 1.8.7-p371
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p371
  • Ruby-lang Ruby 1.8.7-p373
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p373
  • ruby-lang Ruby 1.8.7-p71
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p71
  • ruby-lang Ruby 1.8.7-p72
    cpe:2.3:a:ruby-lang:ruby:1.8.7:p72
  • ruby-lang Ruby 1.8.7-preview1
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview1
  • ruby-lang Ruby 1.8.7-preview2
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview2
  • ruby-lang Ruby 1.8.7-preview3
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview3
  • ruby-lang Ruby 1.8.7-preview4
    cpe:2.3:a:ruby-lang:ruby:1.8.7:preview4
  • ruby-lang Ruby 1.9.3
    cpe:2.3:a:ruby-lang:ruby:1.9.3
  • ruby-lang Ruby 1.9.3-p0
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p0
  • ruby-lang Ruby 1.9.3-p125
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p125
  • ruby-lang Ruby 1.9.3-p194
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p194
  • ruby-lang Ruby 1.9.3-p286
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p286
  • ruby-lang Ruby 1.9.3-p383
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p383
  • ruby-lang Ruby 1.9.3-p385
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p385
  • ruby-lang Ruby 1.9.3-p392
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p392
  • ruby-lang Ruby 1.9.3-p426
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p426
  • Ruby-lang Ruby 1.9.3-p429
    cpe:2.3:a:ruby-lang:ruby:1.9.3:p429
  • Ruby-lang Ruby 2.0.0-p0
    cpe:2.3:a:ruby-lang:ruby:2.0.0:p0
  • Ruby-lang Ruby 2.0.0-p195
    cpe:2.3:a:ruby-lang:ruby:2.0.0:p195
  • Ruby-lang Ruby 2.0.0-preview1
    cpe:2.3:a:ruby-lang:ruby:2.0.0:preview1
  • Ruby-lang Ruby 2.0.0-preview2
    cpe:2.3:a:ruby-lang:ruby:2.0.0:preview2
  • Ruby-lang Ruby 2.0.0 rc1
    cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1
  • Ruby-lang Ruby 2.0.0 rc2
    cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2
CVSS
Base: 6.8 (as of 18-08-2013 - 09:38)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_9.NASL
    description The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 70561
    published 2013-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70561
    title Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_RUBY_20130924.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. (CVE-2011-1005) - The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for CVE-2011-1005. (CVE-2012-4481) - The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. (CVE-2013-4073)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80755
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80755
    title Oracle Solaris Third-Party Patch Update : ruby (cve_2013_4073_cryptographic_issues)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_9_2.NASL
    description The remote host is running a version of Mac OS X 10.9.x that is prior to 10.9.2. This update contains several security-related fixes for the following components : - Apache - ATS - Certificate Trust Policy - CoreAnimation - CoreText - curl - Data Security - Date and Time - File Bookmark - Finder - ImageIO - NVIDIA Drivers - PHP - QuickLook - QuickTime Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 72687
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72687
    title Mac OS X 10.9.x < 10.9.2 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2809.NASL
    description Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all host memory. - CVE-2013-4073 William (B.J.) Snow Orvis discovered a vulnerability in the hostname checking in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate issued by a trusted certification authority. - CVE-2013-4164 Charlie Somerville discovered that Ruby incorrectly handled floating point number conversion. If an application using Ruby accepted untrusted input strings and converted them to floating point numbers, an attacker able to provide such input could cause the application to crash or, possibly, execute arbitrary code with the privileges of the application.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71220
    published 2013-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71220
    title Debian DSA-2809-1 : ruby1.8 - several vulnerabilities
  • NASL family CGI abuses
    NASL id PUPPET_ENTERPRISE_301.NASL
    description According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.0.1. As a result, it reportedly has multiple vulnerabilities: - An error exists related to the included Ruby SSL client that could allow man-in-the-middle attacks. (CVE-2013-4073) - An error exists related to the 'resource_type' service that could allow a local attacker to cause arbitrary Ruby files to be executed. (CVE-2013-4761) - Multiple session vulnerabilities exist that could allow an attacker to hijack an arbitrary session and gain unauthorized access. (CVE-2013-4762, CVE-2013-4964) - An error exists related to 'Puppet Module Tool' (PMT) and improper permissions. (CVE-2013-4956) - Multiple security bypass vulnerabilities exist that could allow an attacker to gain unauthorized access and perform sensitive transactions. (CVE-2013-4958, CVE-2013-4962) - Multiple information disclosure vulnerabilities exist that could allow an attacker to access sensitive information such as server software versions, MAC addresses, SSH keys, and database passwords. (CVE-2013-4959, CVE-2013-4961, CVE-2013-4967) - An open-redirection vulnerability exists that could allow an attacker to attempt a phishing attack. (CVE-2013-4955) - Clickjacking and cross-site-scripting vulnerabilities exist that could allow an attacker to trick users into sending them sensitive information such as passwords. (CVE-2013-4968) - A cross-site request forgery vulnerability exists that could allow an attacker to manipulate a logged in user's browser to perform sensitive transactions on the user's behalf. (CVE-2013-4963)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70663
    published 2013-10-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70663
    title Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2014-001.NASL
    description The remote host is running a version of Mac OS X 10.7 or 10.8 that does not have Security Update 2014-001 applied. This update contains several security-related fixes for the following components : - Apache - App Sandbox - ATS - Certificate Trust Policy - CFNetwork Cookies - CoreAnimation - Date and Time - File Bookmark - ImageIO - IOSerialFamily - LaunchServices - NVIDIA Drivers - PHP - QuickLook - QuickTime - Secure Transport Note that successful exploitation of the most serious issues could result in arbitrary code execution.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 72688
    published 2014-02-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72688
    title Mac OS X Multiple Vulnerabilities (Security Update 2014-001) (BEAST)
  • NASL family CGI abuses
    NASL id PHP_5_3_28.NASL
    description According to its banner, the version of PHP installed on the remote host is 5.3.x prior to 5.3.28. It is, therefore, potentially affected by the following vulnerabilities : - A flaw exists in the PHP OpenSSL extension's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) - A memory corruption flaw exists in the way the openssl_x509_parse() function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could use this flaw to provide a malicious, self-signed certificate or a certificate signed by a trusted authority to a PHP application using the aforementioned function. This could cause the application to crash or possibly allow the attacker to execute arbitrary code with the privileges of the user running the PHP interpreter. (CVE-2013-6420) Note that this plugin does not attempt to exploit these vulnerabilities, but instead relies only on PHP's self-reported version number.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 71426
    published 2013-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71426
    title PHP 5.3.x < 5.3.28 Multiple OpenSSL Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_PYTHON-201402-140224.NASL
    description This update for Python fixes the following security issues : - SSL module does not handle certificates that contain hostnames with NULL bytes. (CVE-2013-4238). (bnc#834601) - Various stdlib read flaws. (CVE-2013-1752) Additionally, the following non-security issues have been fixed:. (bnc#856836) - Turn off OpenSSL's aggressive optimizations that conflict with Python's GC. (bnc#859068) - Setting fips=1 at boot time causes problems with Python due to MD5 usage. (bnc#847135)
    last seen 2019-02-21
    modified 2014-12-15
    plugin id 72873
    published 2014-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72873
    title SuSE 11.3 Security Update : python (SAT Patch Number 8892)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1137.NASL
    description Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Red Hat OpenShift Enterprise 1.2.2 are advised to upgrade to these updated packages, which resolve this issue.
    last seen 2019-02-21
    modified 2018-12-04
    plugin id 119342
    published 2018-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119342
    title RHEL 6 : ruby193-ruby (RHSA-2013:1137)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_RUBY-130708.NASL
    description Ruby failed to check hostnames correctly when setting up a SSL client connection. CVE-2013-4073 was assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 69168
    published 2013-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69168
    title SuSE 11.2 / 11.3 Security Update : ruby (SAT Patch Numbers 8026 / 8027)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-575.NASL
    description - fix cve-2013-4073 (bnc#827265) The fix_cve-2013-4073.patch contains the patch for cve-2013-4073 (bnc#827265) adapted from https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75082
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75082
    title openSUSE Security Update : ruby19 (openSUSE-SU-2013:1181-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1090.NASL
    description Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 68941
    published 2013-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68941
    title CentOS 5 / 6 : ruby (CESA-2013:1090)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12663.NASL
    description - Update to Ruby 2.0.0-p247 (rhbz#979605). - Fix RubyGems search paths when building gems with native extension. - Make symlinks for psych gem to ruby stdlib dirs. - Add support for ABRT autoloading. - Better support for build without configuration (rhbz#977941). - Use system-wide cert.pem. - Fixes multilib conflicts of .gemspec files. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 68896
    published 2013-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68896
    title Fedora 19 : ruby-2.0.0.247-14.fc19 (2013-12663)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EBD877B97EF44375B1FDC67780581898.NASL
    description Ruby Developers report : Ruby's SSL client implements hostname identity check but it does not properly handle hostnames in the certificate that contain null bytes.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67251
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67251
    title FreeBSD : ruby -- Hostname check bypassing vulnerability in SSL client (ebd877b9-7ef4-4375-b1fd-c67780581898)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1090.NASL
    description Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 68944
    published 2013-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68944
    title RHEL 5 / 6 : ruby (RHSA-2013:1090)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1090.NASL
    description From Red Hat Security Advisory 2013:1090 : Updated ruby packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073) All users of Ruby are advised to upgrade to these updated packages, which contain backported patches to resolve this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68976
    published 2013-07-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68976
    title Oracle Linux 5 / 6 : ruby (ELSA-2013-1090)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130717_RUBY_ON_SL5_X.NASL
    description A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts. (CVE-2013-4073)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 68946
    published 2013-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68946
    title Scientific Linux Security Update : ruby on SL5.x, SL6.x i386/srpm/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12062.NASL
    description A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 67334
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67334
    title Fedora 17 : ruby-1.9.3.448-31.fc17 (2013-12062)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-8639.NASL
    description Ruby failed to check hostnames correctly when setting up a SSL client connection. CVE-2013-4073 was assigned to this issue.
    last seen 2019-02-21
    modified 2013-08-20
    plugin id 69118
    published 2013-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69118
    title SuSE 10 Security Update : ruby (ZYPP Patch Number 8639)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-572.NASL
    description was updated to fix SSL hostname certification (CVE-2013-4073) (bnc#827265). https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75079
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75079
    title openSUSE Security Update : ruby19 (openSUSE-SU-2013:1179-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1902-1.NASL
    description William (B.J.) Snow Orvis discovered that Ruby incorrectly verified the hostname in SSL certificates. An attacker could trick Ruby into trusting a rogue server certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 67224
    published 2013-07-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67224
    title Ubuntu 12.04 LTS / 12.10 / 13.04 : ruby1.8, ruby1.9.1 vulnerability (USN-1902-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2013-178-01.NASL
    description New ruby packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue.
    last seen 2018-09-01
    modified 2013-08-20
    plugin id 67009
    published 2013-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67009
    title Slackware 13.1 / 13.37 / 14.0 / current : ruby (SSA:2013-178-01)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-201.NASL
    description A vulnerability has been discovered and corrected in ruby : A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that to exploit this issue, an attacker would need to obtain a carefully-crafted certificate signed by an authority that the client trusts (CVE-2013-4073). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 69089
    published 2013-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69089
    title Mandriva Linux Security Advisory : ruby (MDVSA-2013:201)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2738.NASL
    description Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1821 Ben Murphy discovered that unrestricted entity expansion in REXML can lead to a Denial of Service by consuming all host memory. - CVE-2013-4073 William (B.J.) Snow Orvis discovered a vulnerability in the hostname checking in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 69398
    published 2013-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69398
    title Debian DSA-2738-1 : ruby1.9.1 - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-12123.NASL
    description A vulnerability was found in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority. This vulnerability has been assigned the CVE identifier CVE-2013-4073. This new update should solve this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 67339
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67339
    title Fedora 18 : ruby-1.9.3.448-31.fc18 (2013-12123)
redhat via4
advisories
  • bugzilla
    id 979251
    title CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment ruby is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090002
          • comment ruby is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965003
        • AND
          • comment ruby-devel is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090004
          • comment ruby-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965013
        • AND
          • comment ruby-docs is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090006
          • comment ruby-docs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965017
        • AND
          • comment ruby-irb is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090008
          • comment ruby-irb is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965011
        • AND
          • comment ruby-libs is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090014
          • comment ruby-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965019
        • AND
          • comment ruby-mode is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090018
          • comment ruby-mode is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965005
        • AND
          • comment ruby-rdoc is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090016
          • comment ruby-rdoc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965007
        • AND
          • comment ruby-ri is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090012
          • comment ruby-ri is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965015
        • AND
          • comment ruby-tcltk is earlier than 0:1.8.5-31.el5_9
            oval oval:com.redhat.rhsa:tst:20131090010
          • comment ruby-tcltk is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070965009
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment ruby is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090024
          • comment ruby is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910006
        • AND
          • comment ruby-devel is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090026
          • comment ruby-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910016
        • AND
          • comment ruby-docs is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090030
          • comment ruby-docs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910012
        • AND
          • comment ruby-irb is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090034
          • comment ruby-irb is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910018
        • AND
          • comment ruby-libs is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090040
          • comment ruby-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910020
        • AND
          • comment ruby-rdoc is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090036
          • comment ruby-rdoc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910022
        • AND
          • comment ruby-ri is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090038
          • comment ruby-ri is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910014
        • AND
          • comment ruby-static is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090032
          • comment ruby-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910010
        • AND
          • comment ruby-tcltk is earlier than 0:1.8.7.352-12.el6_4
            oval oval:com.redhat.rhsa:tst:20131090028
          • comment ruby-tcltk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110910008
    rhsa
    id RHSA-2013:1090
    released 2013-07-17
    severity Moderate
    title RHSA-2013:1090: ruby security update (Moderate)
  • rhsa
    id RHSA-2013:1103
  • rhsa
    id RHSA-2013:1137
rpms
  • ruby-0:1.8.5-31.el5_9
  • ruby-devel-0:1.8.5-31.el5_9
  • ruby-docs-0:1.8.5-31.el5_9
  • ruby-irb-0:1.8.5-31.el5_9
  • ruby-libs-0:1.8.5-31.el5_9
  • ruby-mode-0:1.8.5-31.el5_9
  • ruby-rdoc-0:1.8.5-31.el5_9
  • ruby-ri-0:1.8.5-31.el5_9
  • ruby-tcltk-0:1.8.5-31.el5_9
  • ruby-0:1.8.7.352-12.el6_4
  • ruby-devel-0:1.8.7.352-12.el6_4
  • ruby-docs-0:1.8.7.352-12.el6_4
  • ruby-irb-0:1.8.7.352-12.el6_4
  • ruby-libs-0:1.8.7.352-12.el6_4
  • ruby-rdoc-0:1.8.7.352-12.el6_4
  • ruby-ri-0:1.8.7.352-12.el6_4
  • ruby-static-0:1.8.7.352-12.el6_4
  • ruby-tcltk-0:1.8.7.352-12.el6_4
refmap via4
apple APPLE-SA-2013-10-22-3
confirm
debian
  • DSA-2738
  • DSA-2809
suse
  • openSUSE-SU-2013:1181
  • openSUSE-SU-2013:1186
ubuntu USN-1902-1
Last major update 01-04-2014 - 02:22
Published 17-08-2013 - 22:52
Last modified 13-08-2018 - 17:47