NASLDB: FreeBSD : rubygem-rails -- multiple vulnerabilities (31db9a18-e289-11e1-a57d-080027a27dbf)
General
ID: 61480
Name: FreeBSD : rubygem-rails — multiple vulnerabilities (31db9a18-e289-11e1-a57d-080027a27dbf)
Summary: Checks for updated packages in pkg_info output
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: –
Port: 0
Family: FreeBSD Local Security Checks
Type: Local
Description
Rails core team reports:
This version contains three important security fixes, please upgrade
immediately.
One of the security fixes impacts all users and is related to HTML
escaping code. The other two fixes impact people using select_tag’s
prompt option and strip_tags helper from ActionPack.
CVE-2012-3463 Potential XSS Vulnerability in select_tag prompt.
CVE-2012-3464 Potential XSS Vulnerability in the HTML escaping code.
CVE-2012-3465 XSS Vulnerability in strip_tags.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-3463
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/08/08
Patch Release: 2012/08/10
Plugin Release: 2012/08/10
Plugin
Version: 1.2
Filename: freebsd_pkg_31db9a18e28911e1a57d080027a27dbf.nasl
Filesize: 5312 bytes
MD5 Hash: 57d23ce67ae75d3d5b5bb31a3d335bfc
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2012 Tenable Network Security, Inc.