the original cloud security
Showing 1 - 6 of 6 RSS Feed

CVE-2012-2126

Status Candidate

Overview

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

Related Files

Red Hat Security Advisory 2013-1852-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1852-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287, CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, CVE-2013-4461
MD5 | 3be25d0169168dcfe03910b595d8aa09
Red Hat Security Advisory 2013-1851-01
Posted Dec 18, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1851-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Grid provides high-throughput computing and enables enterprises to achieve higher peak computing capacity as well as improved infrastructure utilization by leveraging their existing technology to build high performance grids. MRG Grid provides a job-queueing mechanism, scheduling policy, and a priority scheme, as well as resource monitoring and resource management. Users submit their jobs to MRG Grid, where they are placed into a queue. MRG Grid then chooses when and where to run the jobs based upon a policy, carefully monitors their progress, and ultimately informs the user upon completion.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287, CVE-2013-4404, CVE-2013-4405, CVE-2013-4414, CVE-2013-4461
MD5 | 87b7eeb247216e1b35657a2e87a13653
Red Hat Security Advisory 2013-1441-01
Posted Oct 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1441-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126, CVE-2013-4287
MD5 | d5237acfdbe6115690e438c89c5b3f95
Red Hat Security Advisory 2013-1203-01
Posted Sep 4, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1203-01 - RubyGems is the Ruby standard for publishing and managing third-party libraries. It was found that, when using RubyGems, the connection could be redirected from HTTPS to HTTP. This could lead to a user believing they are installing a gem via HTTPS, when the connection may have been silently downgraded to HTTP. It was found that RubyGems did not verify SSL connections. This could lead to man-in-the-middle attacks.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2012-2125, CVE-2012-2126
MD5 | a6e45eb5d38b511534bf7087ad2e8b90
Ubuntu Security Notice USN-1582-1
Posted Sep 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1582-1 - John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. John Firebaugh discovered that the RubyGems remote gem fetcher allowed redirection from HTTPS to HTTP. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2012-2126, CVE-2012-2125, CVE-2012-2125, CVE-2012-2126
MD5 | 0de9fe3c27307b40846effef8b8577ea
Ubuntu Security Notice USN-1583-1
Posted Sep 26, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1583-1 - It was discovered that Ruby incorrectly allowed untainted strings to be modified in protective safe levels. An attacker could use this flaw to bypass intended access restrictions. John Firebaugh discovered that the RubyGems remote gem fetcher did not properly verify SSL certificates. A remote attacker could exploit this to perform a man in the middle attack to alter gem files being downloaded for installation. Various other issues were also addressed.

tags | advisory, remote, ruby
systems | linux, ubuntu
advisories | CVE-2011-1005, CVE-2012-2126, CVE-2012-2125, CVE-2011-1005, CVE-2012-2125, CVE-2012-2126
MD5 | 6b766756fec0cb16ba8c38d13038e459
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close