Ruby CGI Module Unspecified Denial of Service Vulnerability

Vulnerability Details

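Vulnerability Summary

The CGI module in Ruby 1.6 versions before 1.6.8 and 1.8 versions before 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a specific HTTP request.

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links: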
Yukihiro Matsumoto Ruby 1.6
RedHat irb-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/irb-1.6.7-5.legacy.i386.rpm
RedHat irb-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/irb-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-1.6.7-5.legacy.i386.rpm
RedHat ruby-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-devel-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-devel-1.6.7-5.legacy.i386.rpm
RedHat ruby-devel-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-devel-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-docs-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-docs-1.6.7-5.legacy.i386.rpm
RedHat ruby-docs-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-docs-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-libs-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-libs-1.6.7-5.legacy.i386.rpm
RedHat ruby-libs-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-libs-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-mode-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-1.6.7-5.legacy.i386.rpm
RedHat ruby-mode-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-mode-1.6.8-6.2.legacy.i386.rpm
RedHat ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-mode-xemacs-1.6.7-5.legacy.i386.rpm
RedHat ruby-tcltk-1.6.7-5.legacy.i386.rpm
RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/ruby-tcltk-1.6.7-5.legacy.i386.rpm
RedHat ruby-tcltk-1.6.8-6.2.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/ruby-tcltk-1.6.8-6.2.legacy.i386.rpm

References

Source: BID
Name: 11618
Link: http://www.securityfocus.com/bid/11618

Source: XF
Name: ruby-cgi-dos(17985)
Link: http://xforce.iss.net/xforce/xfdb/17985

Source: UBUNTU
Name: USN-20-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-20-1

Source: REDHAT
Name: RHSA-2004:635
Link: http://www.redhat.com/support/errata/RHSA-2004-635.html

Source: DEBIAN
Name: DSA-586
Link: http://www.debian.org/security/2004/dsa-586

Source: MANDRAKE
Name: MDKSA-2004:128
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:128
