FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-3694

This CVE name corresponds to:

Entered Topic
2006-07-29 ruby -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-3694 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-3694
Phase Assigned(20060718)

Description

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

References

Source Reference
MLIST [freebsd-security] 20060728 Ruby vulnerability?
MLIST [freebsd-security] 20060730 Ruby vulnerability?
DEBIAN DSA-1139
DEBIAN DSA-1157
MANDRIVA MDKSA-2006:134
REDHAT RHSA-2006:0604
SGI 20060801-01-P
SUSE SUSE-SR:2006:021
UBUNTU USN-325-1
JVN JVN#13947696
JVN JVN#83768862
BID 18944
OVAL oval:org.mitre.oval:def:9983
VUPEN ADV-2006-2760
OSVDB 27144
OSVDB 27145
SECUNIA 21009
SECUNIA 21233
SECUNIA 21236
SECUNIA 21272
SECUNIA 21337
SECUNIA 21657
SECUNIA 21598
SECUNIA 21749
XF ruby-alias-directory-security-bypass(27725)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.