OSV:DSA-1139-1
Aug 03, 2006 - 12:00 a.m.

ruby1.6 - missing privilege checks

2006-08-03 00:00:00
Google
osv.dev

CVSS2: 6.4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

It was discovered that the interpreter for the Ruby language does not
properly maintain “safe levels” for aliasing, directory accesses and
regular expressions, which might lead to a bypass of security
restrictions.

For the stable distribution (sarge) this problem has been fixed in
version 1.6.8-12sarge2.

The unstable distribution (sid) no longer contains ruby1.6 packages.

We recommend that you upgrade your Ruby packages.

CPE  Name     Operator  Version
     ruby1.6  eq        1.6.8-12
     ruby1.6  eq        1.6.8-12sarge1
