DSA-1119 hiki - design flaw
Bulletin has no description...
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations"...
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations"...
ruby1.8 vulnerability
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass safe level checks via unspecified vectors involving (1) the alias function and (2) directory operations...
CVE-2006-3694
CVE-2006-3694 refers to multiple vulnerabilities in Ruby prior to 1.8.5 that allow remote attackers to bypass certain security checks. The core issue is a bypass of the interpreter’s safe-level restrictions via unspecified vectors involving (1) the alias function and (2) directory operations, ena...
CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations"...
[SA21009] Ruby Safe Level Security Bypass Vulnerabilities
ruby -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted...
JVN#83768862 Ruby vulnerability caused by a problem with the alias function so that safe level 4 does not function as a sandbox
Impact An attacker could force programs to crash. Solution Products Affected Ruby 1.8.4-20060328 and earlier Snapshot versions As a workaround, we recommend that users update to the latest Ruby 1.8.4 snapshot version...
CentOS 4 : ruby (CESA-2006:0427)
Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its...
CentOS 4 : ruby (CESA-2005:543)
Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby...
CentOS 3 / 4 : ruby (CESA-2005:799)
Updated ruby packages that fix an arbitrary command execution issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Updated 25 Oct 2005 Errata has been updated to include missing packages for Red Hat Enterprise Linux 3. Ruby ...
JVN#46691257 RWiki arbitrary Ruby script execution vulnerability
Impact A remote attacker could execute an arbitrary Ruby script on the server where RWiki is installed, with the privilege running RWiki. Solution Products Affected RWiki/2.1.0pre2 and all earlier versions...
GLSA-200605-11 : Ruby: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200605-11 Ruby: Denial of Service. Ruby uses blocking sockets for WEBrick and XMLRPC servers. Impact: An attacker could send large amounts of data to an affected server to block the socket and thus deny other connections to the...
FreeBSD : ruby -- vulnerability in the safe level settings (1daea60a-4719-11da-b5c6-0004614cc33d)
Ruby home page reports: The Object Oriented Scripting Language Ruby supports safely executing an untrusted code with two mechanisms: safe level and taint flag on objects. A vulnerability has been found that allows bypassing these mechanisms. By using the vulnerability, arbitrary code can be...
RHEL 4 : ruby (RHSA-2006:0427)
Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its...
Ruby: Denial of service
Background: Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with HTTP "WEBrick" and XMLRPC server objects. Description: Ruby uses blocking sockets for WEBrick and XMLRPC servers. Impact: An attacker could send large amounts of data to an...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2006:0427 Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix a denial of service issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its...
security flaw
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data...