BUGTRAQ ID: 26421
CVE ID: CVE-2007-5770
CNCVE ID: CNCVE-20075770
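Yukihiro Matsumoto Ruby is an interpreted, convenient and fast object-oriented scripting language.
Several libraries included with Ruby have a flaw in X.509 certificate validation; a remote attacker can exploit it to carry out man-in-the-middle attacks and obtain sensitive information.
Several Ruby Net modules mishandle SSL certificate validation: the libraries do not check the common name (CN) in the SSL server certificate against the requested hostname, which allows man-in-the-middle attacks. An attacker can use this to sniff sensitive information.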
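The missing check described above, as an added Ruby example that is not part of the original advisory or of Ruby's own patch: a certificate can pass trust-chain validation and still belong to a different host, so the client must also compare it with the hostname it asked for. The certificate and the names under example.test are constructed, and make_cert, chain_trusted?, acceptable_for? and demo are hypothetical helper names.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate whose subject CN is common_name.
def make_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Trust-chain validation alone. It says nothing about which host the
# certificate was issued to.
def chain_trusted?(cert, store)
  store.verify(cert)
end

# Trust-chain validation plus the identity check: the certificate's name
# must match the hostname the client requested.
def acceptable_for?(cert, store, requested_host)
  chain_trusted?(cert, store) &&
    OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
end

# A trusted certificate for other.example.test, presented to a client that
# asked for mail.example.test (constructed names).
def demo
  cert = make_cert("other.example.test")
  store = OpenSSL::X509::Store.new
  store.add_cert(cert)
  {
    chain_only: chain_trusted?(cert, store),
    wrong_host: acceptable_for?(cert, store, "mail.example.test"),
    right_host: acceptable_for?(cert, store, "other.example.test")
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

On a live connection the same comparison is available as `OpenSSL::SSL::SSLSocket#post_connection_check(hostname)`, which raises when the peer certificate does not match.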
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
- Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
- Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
- RedHat Fedora Core4
- RedHat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
- RedHat Fedora Core3
- RedHat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
- RedHat Fedora Core3
- Ubuntu Ubuntu Linux 5.0 4 powerpc
- Ubuntu Ubuntu Linux 5.0 4 i386
- Ubuntu Ubuntu Linux 5.0 4 amd64
- Ubuntu Ubuntu Linux 4.1 ppc
- Ubuntu Ubuntu Linux 4.1 ia64
- Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
- Debian Linux 3.0
Yukihiro Matsumoto Ruby 1.6
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
Vendor solution
The vulnerability was fixed in Ruby's SVN repository on 2007-10-08:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656