ID CVE-2006-3694
Summary Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
References
Vulnerable Configurations
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 11-10-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
oval via4
accepted 2013-04-29T04:23:53.165-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
family unix
id oval:org.mitre.oval:def:9983
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
version 29
redhat via4
advisories
bugzilla
id 199545
title CVE-2006-3694 ruby safe-level bypass
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment irb is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604001
        • comment irb is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427002
      • AND
        • comment ruby is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604003
        • comment ruby is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427004
      • AND
        • comment ruby-devel is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604005
        • comment ruby-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427006
      • AND
        • comment ruby-docs is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604007
        • comment ruby-docs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427008
      • AND
        • comment ruby-libs is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604009
        • comment ruby-libs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427010
      • AND
        • comment ruby-mode is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604011
        • comment ruby-mode is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427012
      • AND
        • comment ruby-tcltk is earlier than 0:1.8.1-7.EL4.6
          oval oval:com.redhat.rhsa:tst:20060604013
        • comment ruby-tcltk is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060427014
rhsa
id RHSA-2006:0604
released 2006-07-27
severity Moderate
title RHSA-2006:0604: ruby security update (Moderate)
rpms
  • irb-0:1.6.8-9.EL3.6
  • irb-0:1.8.1-7.EL4.6
  • ruby-0:1.6.8-9.EL3.6
  • ruby-0:1.8.1-7.EL4.6
  • ruby-debuginfo-0:1.6.8-9.EL3.6
  • ruby-debuginfo-0:1.8.1-7.EL4.6
  • ruby-devel-0:1.6.8-9.EL3.6
  • ruby-devel-0:1.8.1-7.EL4.6
  • ruby-docs-0:1.6.8-9.EL3.6
  • ruby-docs-0:1.8.1-7.EL4.6
  • ruby-libs-0:1.6.8-9.EL3.6
  • ruby-libs-0:1.8.1-7.EL4.6
  • ruby-mode-0:1.6.8-9.EL3.6
  • ruby-mode-0:1.8.1-7.EL4.6
  • ruby-tcltk-0:1.6.8-9.EL3.6
  • ruby-tcltk-0:1.8.1-7.EL4.6
refmap via4
bid 18944
debian
  • DSA-1139
  • DSA-1157
jvn
  • JVN#13947696
  • JVN#83768862
mandriva MDKSA-2006:134
mlist
  • [freebsd-security] 20060728 Ruby vulnerability?
  • [freebsd-security] 20060730 Ruby vulnerability?
osvdb
  • 27144
  • 27145
secunia
  • 21009
  • 21233
  • 21236
  • 21272
  • 21337
  • 21598
  • 21657
  • 21749
sgi 20060801-01-P
suse SUSE-SR:2006:021
ubuntu USN-325-1
vupen ADV-2006-2760
xf ruby-alias-directory-security-bypass(27725)
Last major update 11-10-2017 - 01:31
Published 21-07-2006 - 14:03
Last modified 11-10-2017 - 01:31
Back to Top