ID CVE-2006-3694
Summary Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
References
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4
CVSS
Base: 6.4 (as of 21-07-2006 - 15:20)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-134.NASL
    description A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 23884
    published 2006-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23884
    title Mandrake Linux Security Advisory : ruby (MDKSA-2006:134)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1139.NASL
    description It was discovered that the interpreter for the Ruby language does not properly maintain 'safe levels' for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22681
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22681
    title Debian DSA-1139-1 : ruby1.6 - missing privilege checks
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-1946.NASL
    description An attacker could bypass the 'safe level' checks. (CVE-2006-3694)
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 29570
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29570
    title SuSE 10 Security Update : ruby (ZYPP Patch Number 1946)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0604.NASL
    description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 22113
    published 2006-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22113
    title RHEL 2.1 / 3 / 4 : ruby (RHSA-2006:0604)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_765625941F1911DBB7D40008743BF21A.NASL
    description Secunia reports : Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security restrictions. - An error in the handling of the 'alias' functionality can be exploited to bypass the safe level protection and replace methods called in the trusted level. - An error caused due to directory operations not being properly checked can be exploited to bypass the safe level protection and close untainted directory streams.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22139
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22139
    title FreeBSD : ruby -- multiple vulnerabilities (76562594-1f19-11db-b7d4-0008743bf21a)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_RUBY-1948.NASL
    description An attacker could bypass the 'safe level' checks (CVE-2006-3694).
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 27421
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27421
    title openSUSE 10 Security Update : ruby (ruby-1948)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0604.NASL
    description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 22136
    published 2006-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22136
    title CentOS 3 / 4 : ruby (CESA-2006:0604)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1157.NASL
    description Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-1931 It was discovered that the use of blocking sockets can lead to denial of service. - CVE-2006-3964 It was discovered that Ruby does not properly maintain 'safe levels' for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22699
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22699
    title Debian DSA-1157-1 : ruby1.8 - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0604.NASL
    description Updated ruby packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for object-oriented programming. Users of Ruby should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues. From Red Hat Security Advisory 2006:0604 : A number of flaws were found in the safe-level restrictions in Ruby. It was possible for an attacker to create a carefully crafted malicious script that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694) From Red Hat Security Advisory 2006:0729 : A flaw was discovered in the way Ruby's CGI module handles certain multipart/form-data MIME data. If a remote attacker sends a specially crafted multipart-form-data request, it is possible to cause the ruby CGI script to enter an infinite loop, causing a denial of service. (CVE-2006-5467)
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67399
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67399
    title Oracle Linux 3 / 4 : ruby (ELSA-2006-0604 / ELSA-2006-0729)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-325-1.NASL
    description The alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27903
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27903
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : ruby1.8 vulnerability (USN-325-1)
oval via4
accepted 2013-04-29T04:23:53.165-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
family unix
id oval:org.mitre.oval:def:9983
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
version 23
redhat via4
advisories
bugzilla
id 199545
title CVE-2006-3694 ruby safe-level bypass
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0604
released 2006-07-27
severity Moderate
title RHSA-2006:0604: ruby security update (Moderate)
refmap via4
bid 18944
debian
  • DSA-1139
  • DSA-1157
jvn
  • JVN#13947696
  • JVN#83768862
mandriva MDKSA-2006:134
mlist
  • [freebsd-security] 20060728 Ruby vulnerability?
  • [freebsd-security] 20060730 Ruby vulnerability?
osvdb
  • 27144
  • 27145
secunia
  • 21009
  • 21233
  • 21236
  • 21272
  • 21337
  • 21598
  • 21657
  • 21749
sgi 20060801-01-P
suse SUSE-SR:2006:021
ubuntu USN-325-1
vupen ADV-2006-2760
xf ruby-alias-directory-security-bypass(27725)
Last major update 07-03-2011 - 21:39
Published 21-07-2006 - 10:03
Last modified 10-10-2017 - 21:31
Back to Top