Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-1157
HistoryAug 27, 2006 - 12:00 a.m.

ruby1.8

2006-08-2700:00:00
Google
osv.dev
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

90.9%

JSON

Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may lead to the bypass of security restrictions or
denial of service. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2006-1931
    It was discovered that the use of blocking sockets can lead to denial
    of service.
  • CVE-2006-3964
    It was discovered that Ruby does not properly maintain “safe levels”
    for aliasing, directory accesses and regular expressions, which might
    lead to a bypass of security restrictions.

For the stable distribution (sarge) these problems have been fixed in
version 1.8.2-7sarge4.

For the unstable distribution (sid) these problems have been fixed in
version 1.8.4-3.

We recommend that you upgrade your Ruby packages.

Related

debian 1
openvas 4
nessus 6
cve 2
ubuntucve 1
ubuntu 1
centos 1
redhat 1
gentoo 1
prion 1
debian
debian
[SECURITY] [DSA 1157-1] New ruby1.8 packages fix several vulnerabilities
2006-08-27 19:51:21
openvas
openvas
Debian Security Advisory DSA 1157-1 (ruby1.8)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1157)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200605-11 (ruby)
2008-09-24 00:00:00
nessus
nessus
Debian DSA-1157-1 : ruby1.8 - several vulnerabilities
2006-10-14 00:00:00
RHEL 4 : ruby (RHSA-2006:0427)
2006-05-13 00:00:00
Ubuntu 4.10 / 5.04 / 5.10 : ruby1.8 vulnerability (USN-273-1)
2006-04-26 00:00:00
cve
cve
CVE-2006-3964
2006-08-01 22:04:00
CVE-2006-1931
2006-04-20 21:02:00
ubuntucve
ubuntucve
CVE-2006-1931
2006-04-20 00:00:00
ubuntu
ubuntu
Ruby vulnerability
2006-04-24 00:00:00
centos
centos
irb, ruby security update
2006-05-09 13:14:56
redhat
redhat
(RHSA-2006:0427) ruby security update
2006-05-09 00:00:00
gentoo
gentoo
Ruby: Denial of service
2006-05-10 00:00:00
prion
prion
Design/Logic Flaw
2006-04-20 21:02:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.041 Low

EPSS

Percentile

90.9%

JSON
Related for OSV:DSA-1157
debian1openvas4nessus6cve2ubuntucve1ubuntu1centos1redhat1gentoo1prion1