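Vulnerability Details
Ruby XMLRPC Server Denial of Service Vulnerability
- CNNVD ID: CNNVD-200604-376
- Severity: Medium
- CVE ID: CVE-2006-1931
- Vulnerability type: Design error
- Published: 2006-04-20
- Threat type: Remote
- Updated: 2006-04-24
- Vendor: yukihiro_matsumoto
- Vulnerability source: This issue was rep…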
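Vulnerability Summary
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets. This allows an attacker to cause a denial of service (blocked connections) by sending a large amount of data.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: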
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.6.7
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.8
Ubuntu irb1.8_1.8.1+1.8.2pre2-3ubuntu0.4_all.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1+1.8.2pre2-3ubuntu0.4_all.deb
Ubuntu irb1.8_1.8.1+1.8.2pre4-1ubuntu0.3_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1+1.8.2pre4-1ubuntu0.3_all.deb
Ubuntu irb1.8_1.8.2-9ubuntu1.1_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.2-9ubuntu1.1_all.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http:/
References
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
Source: MISC
Link: http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
Source: MISC
Link: ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
Source: XF
Name: ruby-socket-dos(26102)
Link: http://xforce.iss.net/xforce/xfdb/26102
Source: UBUNTU
Name: USN-273-1
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-273-1
Source: BID
Name: 17645
Link: http://www.securityfocus.com/bid/17645
Source: REDHAT
Name: RHSA-2006:0427
Link: http://www.redhat.com/support/errata/RHSA-2006-0427.html
Source: OSVDB
Name: 24972
Source: SUSE
Name: SUSE-SR:2006:012
Link: http://www.novell.com/linux/security/advisories/2006-06-02.html
Source: MANDRIVA
Name: MDKSA-2006:079
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:079
Source: GENTOO
Name: GLSA-200605-11
Link: http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml
Source: DEBIAN
Name: DSA-1157
Link: http://www.debian.org/security/2006/dsa-1157
Source: SECTRACK
Name: 1015978
Link: http://securitytracker.com/id?1015978
Source: SECUNIA
Name: 21657
Link: http://secunia.com/advisories/21657
Source: SECUNIA
Name: 20457
Link: http://secunia.com/advisories/20457
Source: SECUNIA
Name: 20064
Link: http://secunia.com/advisories/20064
Source: SECUNIA
Name: 20024
Link: http://secunia.com/advisories/20024
Source: SECUNIA
Name: 19804
Link: http://secunia.com/advisories/19804
Source: SECUNIA
Name: 19772
Link: http://secunia.com/advisories/19772
Source: SECUNIA
Name: 16904
Link: http://secunia.com/advisories/16904
Source: MANDRIVA
Name: MDKSA-2006:079
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:079
Source: MISC
Link: ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch