Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.4
CVSSv2

CVE-2006-3694

Published: 21/07/2006 Updated: 11/10/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Subscribe to Yukihiro Matsumoto

Vulnerability Summary

Multiple unspecified vulnerabilities in Ruby prior to 1.8.5 allow remote malicious users to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

Vulnerable Product Search on Vulmon Subscribe to Product

yukihiro matsumoto ruby 1.8.2

yukihiro matsumoto ruby 1.8.3

yukihiro matsumoto ruby 1.8.4

Vendor Advisories

Ubuntu Security Notice: ruby1.8 vulnerability
The alias function, certain directory operations, and regular expressions did not correctly implement safe levels Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations ...
Debian Security Advisories: DSA-1157-1 ruby1.8 -- several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-1931 It was discovered that the use of blocking sockets can lead to denial of service ...

References

NVD-CWE-Otherhttp://jvn.jp/jp/JVN%2313947696/index.htmlhttp://jvn.jp/jp/JVN%2383768862/index.htmlhttp://www.securityfocus.com/bid/18944http://secunia.com/advisories/21009http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.htmlhttp://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.htmlhttp://www.redhat.com/support/errata/RHSA-2006-0604.htmlhttp://www.ubuntu.com/usn/usn-325-1http://secunia.com/advisories/21233http://secunia.com/advisories/21236http://secunia.com/advisories/21272http://www.debian.org/security/2006/dsa-1139http://secunia.com/advisories/21337http://www.osvdb.org/27144http://www.debian.org/security/2006/dsa-1157http://secunia.com/advisories/21657http://www.novell.com/linux/security/advisories/2006_21_sr.htmlftp://patches.sgi.com/support/free/security/advisories/20060801-01-Phttp://secunia.com/advisories/21598http://secunia.com/advisories/21749http://www.osvdb.org/27145http://www.mandriva.com/security/advisories?name=MDKSA-2006:134http://www.vupen.com/english/advisories/2006/2760https://exchange.xforce.ibmcloud.com/vulnerabilities/27725https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983https://usn.ubuntu.com/325-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook