FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-6303

This CVE name corresponds to:

Entered Topic
2006-12-04 ruby -- cgi.rb library Denial of Service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-6303 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-6303
Phase Assigned(20061205)

Description

The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.

References

Source Reference
CONFIRM http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
MISC http://bugs.gentoo.org/show_bug.cgi?id=157048
MISC http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218287
MISC http://www.ruby-lang.org/cgi-bin/cvsweb.cgi/ruby/lib/cgi.rb.diff?f=h&only_with_tag=MAIN&r1=text&tr1=1.92&r2=text&tr2=1.91
CONFIRM http://docs.info.apple.com/article.html?artnum=305530
APPLE APPLE-SA-2007-05-24
GENTOO GLSA-200612-21
MANDRIVA MDKSA-2006:225
REDHAT RHSA-2007:0961
SUSE SUSE-SR:2007:004
UBUNTU USN-394-1
JVN JVN#84798830
BID 21441
OVAL oval:org.mitre.oval:def:10529
VUPEN ADV-2006-4855
VUPEN ADV-2007-1939
SECTRACK 1017363
SECUNIA 23268
SECUNIA 23165
SECUNIA 23454
SECUNIA 25402
SECUNIA 27576
SECUNIA 31090
XF ruby-cgi-library-dos(30734)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.