Lucene search

FreeBSD76562594-1F19-11DB-B7D4-0008743BF21A

HistoryJul 12, 2006 - 12:00 a.m.

ruby -- multiple vulnerabilities

2006-07-1200:00:00

vuxml.freebsd.org

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.058

Percentile

93.4%

JSON

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can
be exploited by malicious people to bypass certain security
restrictions.

An error in the handling of the “alias” functionality
can be exploited to bypass the safe level protection and
replace methods called in the trusted level.
An error caused due to directory operations not being
properly checked can be exploited to bypass the safe
level protection and close untainted directory streams.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchruby< 1.8.*UNKNOWN
FreeBSDanynoarchruby_static< 1.8.*UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	ruby	< 1.8.*	UNKNOWN
FreeBSD	any	noarch	ruby_static	< 1.8.*	UNKNOWN

References

jvn.jp/jp/JVN%2313947696/index.html

jvn.jp/jp/JVN%2383768862/index.html

secunia.com/advisories/21009/

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS

0.058

Percentile

93.4%

JSON

Related for 76562594-1F19-11DB-B7D4-0008743BF21A