exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2012-2126

Status Candidate

Overview

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

Related Files

Red Hat Security Advisory 2013-1852-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1852-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287, CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, CVE-2013-4461
SHA-256 | 408e9dced4a78063d46a3c5ad841cd1da280aba9d71105691fed772205ec9fe9
Red Hat Security Advisory 2013-1851-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1851-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287, CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, CVE-2013-4461
SHA-256 | 2052be0f7c8339b1c51ce9226e2c8cb26ff56c810deb0045d626a93fea5dbe68
Red Hat Security Advisory 2013-1441-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1441-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287
SHA-256 | 4811c2f7acdc88278b99eb1119ea9720d67c46f47d011629c428a0165fbb30cb
Red Hat Security Advisory 2013-1203-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1203-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126
SHA-256 | 98bd5acd03320da5d6dee11a77fed60af3d34bcc0358ced0aa99427404e73579
Ubuntu Security Notice USN-1582-1
Posted Sep 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1582-1 - John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2012-2126, CVE-2012-2125, CVE-2012-2125, CVE-2012-2126
SHA-256 | 79ecf56741b091d23384f3f0b01eeb591f87183b1b2b9abd751baebc340bbc94
Ubuntu Security Notice USN-1583-1
Posted Sep 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1583-1 - It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2011-1005, CVE-2012-2126, CVE-2012-2125, CVE-2011-1005, CVE-2012-2125, CVE-2012-2126
SHA-256 | 17fa3254c34e95071e1984fe7299767f8f45689233b1ca111a2fbb55a2aee4c5
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close