Sha256: adede829408b3e31f67176ab31e764e81e2f7b751275511c985402784766eb88
Contents?: true
Size: 1.83 KB
Versions: 19
Compression:
Stored size: 1.83 KB
Contents
module Dawn
module Kb
class CVE_2011_0995_a
include DependencyCheck
def initialize
message = "CVE-2011:0995: sqlite3 gem version 1.2.4 is vulnerable"
super({
:name=>"CVE-2011-0995_a",
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
})
self.safe_dependencies = [{:name=>"sqlite3", :version=>['1.2.4']}]
end
end
class CVE_2011_0995_b
include OperatingSystemCheck
def initialize
message = "CVE-2011-0995: sqlite3 gem is vulnerable only in SuSE 11 sp1"
super({
:name=>"CVE-2011-0995_b",
:kind=>Dawn::KnowledgeBase::OS_CHECK,
})
self.safe_os = [{:family=>"linux", :vendor=>"suse", :version=>['11sp2']}]
end
end
# Automatically created with rake on 2013-07-10
class CVE_2011_0995
include ComboCheck
def initialize
message = "The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors."
super({
:name=>"CVE-2011-0995",
:cvss=>"AV:L/AC:L/Au:N/C:N/I:P/A:N",
:release_date => Date.new(2011, 5, 13),
:cwe=>"264",
:owasp=>"A9",
:applies=>["sinatra", "padrino", "rails"],
:kind=>Dawn::KnowledgeBase::COMBO_CHECK,
:message=>message,
:mitigation=>"Please upgrade rails version at least to 2.3.15, 3.2.5, 3.1.5 or 3.0.13. As a general rule, using the latest stable rails version is recommended.",
:aux_links=>["http://support.novell.com/security/cve/CVE-2011-0995.html"],
:checks=>[CVE_2011_0995_a.new, CVE_2011_0995_b.new]
})
end
end
end
end
Version data entries
19 entries across 19 versions & 1 rubygems