ID: RHSA-2006:0729 | Type: redhat | Reporter: RedHat | Modified: 2018-03-14T19:26:41
Description
Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart/form-data request, it is possible to cause the Ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)

Users of Ruby should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.