Vulnerability Details CVE-2006-3694
Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.6%
CVSS Severity
CVSS v2 Score 6.4
References
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://jvn.jp/jp/JVN%2313947696/index.html
- http://jvn.jp/jp/JVN%2383768862/index.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
- http://secunia.com/advisories/21009
- http://secunia.com/advisories/21233
- http://secunia.com/advisories/21236
- http://secunia.com/advisories/21272
- http://secunia.com/advisories/21337
- http://secunia.com/advisories/21598
- http://secunia.com/advisories/21657
- http://secunia.com/advisories/21749
- http://www.debian.org/security/2006/dsa-1139
- http://www.debian.org/security/2006/dsa-1157
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/27144
- http://www.osvdb.org/27145
- http://www.redhat.com/support/errata/RHSA-2006-0604.html
- http://www.securityfocus.com/bid/18944
- http://www.ubuntu.com/usn/usn-325-1
- http://www.vupen.com/english/advisories/2006/2760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://jvn.jp/jp/JVN%2313947696/index.html
- http://jvn.jp/jp/JVN%2383768862/index.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
- http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
- http://secunia.com/advisories/21009
- http://secunia.com/advisories/21233
- http://secunia.com/advisories/21236
- http://secunia.com/advisories/21272
- http://secunia.com/advisories/21337
- http://secunia.com/advisories/21598
- http://secunia.com/advisories/21657
- http://secunia.com/advisories/21749
- http://www.debian.org/security/2006/dsa-1139
- http://www.debian.org/security/2006/dsa-1157
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
- http://www.novell.com/linux/security/advisories/2006_21_sr.html
- http://www.osvdb.org/27144
- http://www.osvdb.org/27145
- http://www.redhat.com/support/errata/RHSA-2006-0604.html
- http://www.securityfocus.com/bid/18944
- http://www.ubuntu.com/usn/usn-325-1
- http://www.vupen.com/english/advisories/2006/2760
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983
Products affected by CVE-2006-3694
-
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2
-
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3
-
cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4