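Vulnerability Details
Ruby Libraries SSL Verification Error Vulnerability
- CNNVD ID: CNNVD-200711-160
- Severity: Medium
- CVE ID: CVE-2007-5770
- Vulnerability type: Authorization issue
- Published: 2007-11-13
- Threat type: Remote
- Updated: 2007-11-14
- Vendor: ruby-lang
- Vulnerability source: Akira Tagoh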
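Vulnerability Summary
The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or a spoofed web site.
Vulnerability Bulletin
The vendor has released upgrade patches that fix this security issue. Patch download links: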
Apple Mac OS X 10.4.11
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X Server 10.4.11
Apple Security Update 2007-009 (10.4.11 PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Security Update 2007-009 (10.4.11 Universal)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16521&cat=1&platform=osx&method=sa/SecUpd2007-009Univ.dmg
Apple Mac OS X 10.5.1
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=1&platform=osx&method=sa/SecUpd2007-009.dmg
Apple Mac OS X Server 10.5.1
Apple Security Update 2007-009 (10.5.1)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16527&cat=1&platform=osx&method=sa/SecUpd2007-009.dmg
References
Source: US-CERT
Name: TA07-352A
Link: http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Source: REDHAT
Name: RHSA-2007:0965
Link: http://www.redhat.com/support/errata/RHSA-2007-0965.html
Source: SECUNIA
Name: 27673
Link: http://secunia.com/advisories/27673
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=362081
Source: SECTRACK
Name: 1018938
Link: http://www.securitytracker.com/id?1018938
Source: BID
Name: 26421
Link: http://www.securityfocus.com/bid/26421
Source: REDHAT
Name: RHSA-2007:0961
Link: http://www.redhat.com/support/errata/RHSA-2007-0961.html
Source: SUSE
Name: SUSE-SR:2007:024
Link: http://www.novell.com/linux/security/advisories/2007_24_sr.html
Source: MANDRIVA
Name: MDVSA-2008:029
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:029
Source: VUPEN
Name: ADV-2007-4238
Link: http://www.frsirt.com/english/advisories/2007/4238
Source: DEBIAN
Name: DSA-1412
Link: http://www.debian.org/security/2007/dsa-1412
Source: DEBIAN
Name: DSA-1411
Link: http://www.debian.org/security/2007/dsa-1411
Source: DEBIAN
Name: DSA-1410
Link: http://www.debian.org/security/2007/dsa-1410
Source: svn.ruby-lang.org
Link: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656
Source: SECUNIA
Name: 28645
Link: http://secunia.com/advisories/28645
Source: SECUNIA
Name: 28136
Link: http://secunia.com/advisories/28136
Source: SECUNIA
Name: 27818
Link: http://secunia.com/advisories/27818
Source: SECUNIA
Name: 27769
Link: http://secunia.com/advisories/27769
Source: SECUNIA
Name: 27764
Link: http://secunia.com/advisories/27764
Source: SECUNIA
Name: 27756
Link: http://secunia.com/advisories/27756
Source: SECUNIA
Name: 27576
Link: http://secunia.com/advisories/27576
Source: SECUNIA
Name: 26985
Link: http://secunia.com/advisories/26985
Source: APPLE
Name: APPLE-SA-2007-12-17
Link: http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Source: docs.info.apple.com
Link: http://docs.info.apple.com/article.html?artnum=307179
Source: UBUNTU
Name: USN-596-1
Link: http://www.ubuntu.com/usn/usn-596-1
Source: SECUNIA
Name: 29556