Yukihiro Matsumoto Ruby多个SAFE等级限制绕过漏洞

漏洞信息详情

Yukihiro Matsumoto Ruby多个SAFE等级限制绕过漏洞

• CNNVD编号：CNNVD-200607-328
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2006-3694
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2006-07-21
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-15
  
• 厂        商：
  
  yukihiro_matsumoto
• 漏洞来源：
  The vendor reporte…

Ruby 1.8.5之前版本存在多个未明漏洞。远程攻击者可以借助与(1)alias函数和(2)\”目录操作\”有关的未明向量，绕过\”安全等级\”检查。

Yukihiro Matsumoto Ruby 1.6

• Debian irb1.6_1.6.8-12sarge2_all.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge2_all.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12

  http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge2_all.deb“>
  sarge2_all.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_alpha.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_alpha.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_alpha.deb“>
  .6_1.6.8-12sarge2_alpha.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_amd64.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_amd64.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_amd64.deb“>
  .6_1.6.8-12sarge2_amd64.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_arm.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_arm.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_arm.deb“>
  .6_1.6.8-12sarge2_arm.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_hppa.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_hppa.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_hppa.deb“>
  .6_1.6.8-12sarge2_hppa.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_i386.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_i386.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_i386.deb“>
  .6_1.6.8-12sarge2_i386.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_ia64.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_ia64.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_ia64.deb“>
  .6_1.6.8-12sarge2_ia64.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_m68k.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_m68k.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_m68k.deb“>
  .6_1.6.8-12sarge2_m68k.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_mips.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mips.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mips.deb“>
  .6_1.6.8-12sarge2_mips.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_mipsel.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mipsel.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_mipsel.deb“>
  .6_1.6.8-12sarge2_mipsel.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_powerpc.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_powerpc.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_powerpc.deb“>
  .6_1.6.8-12sarge2_powerpc.deb

• Debian libcurses-ruby1.6_1.6.8-12sarge2_s390.debDebian GNU/Linux 3.1 alias sarge

  http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge2_s390.deb“>
  http://security.debian.org/pool/updates/main/r/ruby1.6/l

  
  

链接:http://www.ubuntu.com/usn/usn-325-1

来源: BID

名称: 18944

链接:http://www.securityfocus.com/bid/18944

来源: REDHAT

名称: RHSA-2006:0604

链接:http://www.redhat.com/support/errata/RHSA-2006-0604.html

来源: VUPEN

名称: ADV-2006-2760

链接:http://www.frsirt.com/english/advisories/2006/2760

来源: DEBIAN

名称: DSA-1139

链接:http://www.debian.org/security/2006/dsa-1139

来源: SECUNIA

名称: 21337

链接:http://secunia.com/advisories/21337

来源: SECUNIA

名称: 21272

链接:http://secunia.com/advisories/21272

来源: SECUNIA

名称: 21236

链接:http://secunia.com/advisories/21236

来源: SECUNIA

名称: 21233

链接:http://secunia.com/advisories/21233

来源: SECUNIA

名称: 21009

链接:http://secunia.com/advisories/21009

来源: MANDRIVA

名称: MDKSA-2006:134

链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:134

来源: XF

名称: ruby-alias-directory-security-bypass(27725)

链接:http://xforce.iss.net/xforce/xfdb/27725

来源: OSVDB

名称: 27145

链接:http://www.osvdb.org/27145

来源: OSVDB

名称: 27144

链接:http://www.osvdb.org/27144

来源: SUSE

名称: SUSE-SR:2006:021

链接:http://www.novell.com/linux/security/advisories/2006_21_sr.html

来源: MANDRIVA

名称: MDKSA-2006:134

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:134

来源: DEBIAN

名称: DSA-1157

链接:http://www.debian.org/security/2006/dsa-1157

来源: SECUNIA

名称: 21749

链接:http://secunia.com/advisories/21749

来源: SECUNIA

名称: 21657

链接:http://secunia.com/advisories/21657

来源: SECUNIA

名称: 21598

链接:http://secunia.com/advisories/21598

来源: MLIST

名称: [freebsd-security] 20060730 Ruby vulnerability?

链接:http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html

来源: MLIST

名称: [freebsd-security] 20060728 Ruby vulnerability?

链接:http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html

来源: JVN

名称: JVN#83768862

链接:http://jvn.jp/jp/JVN%2383768862/index.html

来源: JVN

名称: JVN#13947696

链接:http://jvn.jp/jp/JVN%2313947696/index.html

来源: SGI

名称: 20060801-01-P

链接:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P