FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ruby -- multiple vulnerabilities

Affected packages
1.6.* < ruby < 1.8.*
1.8.* < ruby < 1.8.4_9,1
1.6.* < ruby_static < 1.8.*
1.8.* < ruby_static < 1.8.4_9,1

Details

VuXML ID 76562594-1f19-11db-b7d4-0008743bf21a
Discovery 2006-07-12
Entry 2006-07-29
Modified 2006-07-30

Secunia reports:

Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions.

  1. An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level.
  2. An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.

References

Bugtraq ID 18944
CVE Name CVE-2006-3694
URL http://jvn.jp/jp/JVN%2313947696/index.html
URL http://jvn.jp/jp/JVN%2383768862/index.html
URL http://secunia.com/advisories/21009/