codesake-dawn 0.72 → 0.75

data/lib/codesake/dawn/kb/cve_2010_1330.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-09
+			class CVE_2010_1330
+				include RubyVersionCheck
+
+				def initialize
+           message="The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
+           super({
+            :name=>"CVE-2010-1330",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2012, 11, 23),
+            :cwe=>"79",
+            :owasp=>"A3", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+            :message=>message,
+            :mitigation=>"Upgrade your jruby interpreter",
+            :aux_links=>["http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"]
+          })
+
+          self.safe_rubies = [{:engine=>"jruby", :version=>"1.4.2", :patchlevel=>"p0"}]
+
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2011_0446.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-09
+			class CVE_2011_0446
+				include DependencyCheck
+
+				def initialize
+          message = "Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value. Please note that victim must voluntarily interact with attack mechanism"
+
+          super({
+            :name=>"CVE-2011-0446",
+            :cvss=>"AV:N/AC:M/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2011, 2, 14),
+            :cwe=>"79",
+            :owasp=>"A3", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 2.3.11 or 3.0.4 or higher. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["http://groups.google.com/group/rubyonrails-security/msg/365b8a23b76a6b4a?dmode=source&output=gplain"]
+          })
+
+          self.safe_dependencies = [{:name=>"rails", :version=>['2.3.12', '3.0.5']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2011_0995.rb

@@ -0,0 +1,63 @@
+module Codesake
+	module Dawn
+		module Kb
+
+      class CVE_2011_0995_a
+
+        include DependencyCheck
+
+				def initialize
+          message = "CVE-2011:0995: sqlite3 gem version 1.2.4 is vulnerable"
+
+          super({
+            :name=>"CVE-2011-0995_a",
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          })
+
+          self.safe_dependencies = [{:name=>"sqlite3", :version=>['1.2.4']}]
+				end
+      end
+
+      class CVE_2011_0995_b
+        include OperatingSystemCheck
+
+				def initialize
+          message = "CVE-2011-0995: sqlite3 gem is vulnerable only in SuSE 11 sp1"
+
+          super({
+            :name=>"CVE-2011-0995_b",
+            :kind=>Codesake::Dawn::KnowledgeBase::OS_CHECK,
+          })
+
+          self.safe_os = [{:family=>"linux", :vendor=>"suse", :version=>['11sp2']}]
+
+				end
+      end
+
+			# Automatically created with rake on 2013-07-10
+			class CVE_2011_0995
+				include ComboCheck
+
+				def initialize
+          message = "The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors."
+
+          super({
+            :name=>"CVE-2011-0995",
+            :cvss=>"AV:L/AC:L/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2011, 5, 13),
+            :cwe=>"264",
+            :owasp=>"A9", 
+            :applies=>["sinatra", "padrino", "rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 2.3.15, 3.2.5, 3.1.5 or 3.0.13. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["http://support.novell.com/security/cve/CVE-2011-0995.html"],
+            :checks=>[CVE_2011_0995_a.new, CVE_2011_0995_b.new]
+          })
+
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2011_2929.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-12
+			class CVE_2011_2929
+				include DependencyCheck
+
+				def initialize
+          message = "The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a \"filter skipping vulnerability.\""
+          super({
+            :name=>"CVE-2011-2929",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2011, 8, 29),
+            :cwe=>"20",
+            :owasp=>"A9", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 3.1.0 or 3.0.10. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552"]
+          })
+
+          self.safe_dependencies = [{:name=>"rails", :version=>['3.1.0', '3.0.10']}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2011_4815.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-12
+			class CVE_2011_4815
+				include RubyVersionCheck
+
+				def initialize
+          message = "Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table."
+          super({
+            :name=>"CVE-2011-4815",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:C",
+            :release_date => Date.new(2011, 12, 30),
+            :cwe=>"20",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+            :message=>message,
+            :mitigation=>"Upgrade your ruby to latest available version",
+            :aux_links=>["http://www.ruby-lang.org/en/news/2011/12/28/denial-of-service-attack-was-found-for-rubys-hash-algorithm/"]
+          })
+
+          self.safe_rubies = [{:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p357"}]
+
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2012_3424.rb

@@ -0,0 +1,31 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-12
+			class CVE_2012_3424
+				include DependencyCheck
+
+				def initialize
+          message = "The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentication strings to symbols, which allows remote attackers to cause a denial of service by leveraging access to an application that uses a with_http_digest helper method, as demonstrated by the authenticate_or_request_with_http_digest method."
+
+           super({
+            :name=>"CVE-2012-3424",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:N/A:P",
+            :release_date => Date.new(2012, 8, 8),
+            :cwe=>"287",
+            :owasp=>"A9", 
+            :applies=>["rails"],
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :message=>message,
+            :mitigation=>"Please upgrade rails version at least to 3.0.16, 3.1.7 or 3.2.7. As a general rule, using the latest stable rails version is recommended.",
+            :aux_links=>["https://groups.google.com/group/rubyonrails-security/msg/244d32f2fa25147d?hl=en&dmode=source&output=gplain"]
+          })
+
+          self.safe_dependencies = [{:name=>"rails", :version=>['3.0.16', '3.1.7', '3.2.7']}]
+
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2012_4522.rb

@@ -0,0 +1,29 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-15
+			class CVE_2012_4522
+				include RubyVersionCheck
+
+				def initialize
+          message = "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path."
+           super({
+            :name=>"CVE-2012-4522",
+            :cvss=>"AV:N/AC:L/Au:N/C:N/I:P/A:N",
+            :release_date => Date.new(2012, 11, 24),
+            :cwe=>"264",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+            :message=>message,
+            :mitigation=>"Upgrade ruby interpreter to latest 1.9.3 patchset or even better use ruby 2.x",
+            :aux_links=>["http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/"]
+          })
+
+          self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p286"}, {:engine=>"ruby", :version=>"2.0.0", :patchlevel=>"p0"}]
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2012_5380.rb

@@ -0,0 +1,30 @@
+module Codesake
+	module Dawn
+		module Kb
+			# Automatically created with rake on 2013-07-15
+			class CVE_2012_5380
+				include RubyVersionCheck
+
+				def initialize
+          message = "** DISPUTED ** Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the \"IKE and AuthIP IPsec Keying Modules\" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation."
+           super({
+            :name=>"CVE-2012-5380",
+            :cvss=>"AV:L/AC:H/Au:S/C:C/I:C/A:C",
+            :release_date => Date.new(2012, 10, 11),
+            :cwe=>"426",
+            :owasp=>"A9", 
+            :applies=>["rails", "sinatra", "padrino"],
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+            :message=>message,
+            :mitigation=>"Upgrade ruby to the latest 1.9.3 patch or even better use ruby 2.x",
+            :aux_links=>["https://www.htbridge.com/advisory/HTB23108"]
+          })
+
+          self.safe_rubies = [{:engine=>"ruby", :version=>"1.9.3", :patchlevel=>"p195"}]
+
+
+				end
+			end
+		end
+	end
+end

data/lib/codesake/dawn/kb/cve_2013_1655.rb

@@ -1,12 +1,50 @@
 module Codesake
 	module Dawn
 		module Kb
-			# Automatically created with rake on 2013-05-20
-			class CVE_2013_1655
+
+      class CVE_2013_1655_a
+
 				include DependencyCheck
 
-				def initialize
-          message = "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\""
+        def initialize
+          message = "CVE-2013-1655: puppet versions 2.7.21 and 3.1.1 are vulnerable"
+
+          super({
+            :name=>"CVE-2013-1655_a",
+            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+          })
+
+          self.safe_dependencies = [{:name=>"puppet", :version=>['2.7.21', '3.1.1']}]
+        end
+      end
+
+      class CVE_2013_1655_b
+
+        include RubyVersionCheck
+
+        def initialize
+          message = "CVE-2013-1655: puppet versions 2.7.21 and 3.1.1 are vulnerable only when running ruby 1.9.3 and 2.0.2"
+
+          super({
+            :name=>"CVE-2013-1655_b",
+            :kind=>Codesake::Dawn::KnowledgeBase::RUBY_VERSION_CHECK,
+          })
+
+          self.safe_rubies = [
+            {:engine=>"ruby", :version=>"1.8.7", :patchlevel=>"p357"},
+            {:engine=>"ruby", :version=>"1.9.4", :patchlevel=>"p0"},
+            {:engine=>"ruby", :version=>"2.0.1", :patchlevel=>"p0"}]
+        end
+      end
+
+      class CVE_2013_1655
+
+        include ComboCheck
+
+        def initialize
+          message = "Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when
+          running Ruby 1.9.3 or later, allows remote attackers to execute
+          arbitrary code via vectors related to \"serialized attributes.\""
 
           super({
             :name=>"CVE-2013-1655",
@@ -15,17 +53,15 @@ module Codesake
             :cwe=>"20",
             :owasp=>"A9", 
             :applies=>["rails", "sinatra", "padrino"],
-            :kind=>Codesake::Dawn::KnowledgeBase::DEPENDENCY_CHECK,
+            :kind=>Codesake::Dawn::KnowledgeBase::COMBO_CHECK,
             :message=>message,
             :mitigation=>"Please upgrade puppet gem to a newer version",
             :aux_links=>["https://puppetlabs.com/security/cve/cve-2013-1655/"],
-            :ruby_vulnerable_versions =>['1.9.3', '2.0.0']
+            :checks=>[CVE_2013_1655_a.new, CVE_2013_1655_b.new]
           })
 
-          self.safe_dependencies = [{:name=>"puppet", :version=>['2.7.21', '3.1.1']}]
-
-				end
-			end
-		end
-	end
+        end
+      end
+    end
+  end
 end

data/lib/codesake/dawn/kb/dependency_check.rb

@@ -48,6 +48,8 @@ module Codesake
 
           self.evidences << message unless message.empty?
 
+          @status = ret
+
           ret
         end
       end

data/lib/codesake/dawn/kb/operating_system_check.rb

@@ -0,0 +1,97 @@
+module Codesake
+  module Dawn
+    module Kb
+      module OperatingSystemCheck
+        include BasicCheck
+
+        # safe_os is an Hash with this form {:family=>"", :vendor=>"", :version=>""}
+        #
+        # family can be one of the following:
+        #   "linux"
+        #   "windows"
+        #   "unix"
+        #   "osx"
+        #   "freebsd"
+        #   "netbsd"
+        #   "openbsd"
+        #   "unknown"
+        # vendor will be either "microsoft", "apple", unix flavour or linux distribution accordingly
+        attr_accessor :safe_os
+        attr_accessor :target_os
+
+
+        def initialize(options={})
+          super(options)
+          os_detect
+        end
+
+        def vuln?
+          
+          return false if different_family? 
+          return false if different_vendor?
+          return vulnerable_os?
+        end
+
+        def different_family?
+          ret = false
+          @safe_os.each do |sos|
+            ret = true if ! ret and sos[:family] == @target_os[:family]
+          end
+          ret
+        end
+
+        def different_vendor?
+          ret = false
+          @safe_os.each do |sos|
+            ret = true if ! ret and sos[:vendor] == @target_os[:vendor]
+          end
+          ret
+        end
+
+        def vulnerable_os?
+          ret = false
+          @safe_os.each do |sos|
+            ret = true if ! ret and is_vulnerable_version?(@target_os[:family], sos[:version])
+          end
+          ret
+        end
+
+        
+        def os_detect
+          platform = RUBY_PLATFORM
+
+          @target_os = {}
+
+          @target_os[:family] = "osx"; @target_os[:vendor]="apple" unless /darwin/.match(platform).nil?
+          @target_os[:family] = "windows"; @target_os[:vendor]="microsoft" unless /win32/.match(platform).nil?
+          @target_os[:family] = "linux" unless /linux/.match(platform).nil?
+          @target_os[:family] = "unix"; @target_os[:vendor]="freebsd" unless /freebsd/.match(platform).nil?
+          @target_os[:family] = "unix"; @target_os[:vendor]="openbsd" unless /openbsd/.match(platform).nil?
+          @target_os[:family] = "unix"; @target_os[:vendor]="netbsd" unless /netbsd/.match(platform).nil?
+
+          begin 
+            require 'sys/uname'
+            @target_os[:version]= [Sys::Uname.release]
+          rescue # otherwise use shell
+            @target_os[:version] = [`uname -r`.strip]
+          end
+
+          tmp = ""
+          if File.exist?("/etc/SuSE-release")
+            tmp = File.readlines("/etc/SuSE-release"); 
+            @target_os[:vendor]="suse" 
+          end
+
+          if File.exist?("/etc/redhat_release")
+            tmp = File.readlines("/etc/redhat_release"); 
+            @target_os[:vendor]="redhat" 
+          end
+          if File.exist?("/etc/debian_release")
+            tmp = File.readlines("/etc/debian_release");
+            @target_os[:vendor]="debian" 
+          end
+        end
+      end
+    end
+  end
+end