Rapid7 Vulnerability & Exploit Database

ELSA-2006:0604, ELSA-2006:0729 Moderate ruby security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2006:0604, ELSA-2006:0729 Moderate ruby security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

07/21/2006

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

Solution(s)

oracle-linux-upgrade-irb
oracle-linux-upgrade-ruby
oracle-linux-upgrade-ruby-devel
oracle-linux-upgrade-ruby-docs
oracle-linux-upgrade-ruby-libs
oracle-linux-upgrade-ruby-mode
oracle-linux-upgrade-ruby-tcltk

References

https://attackerkb.com/topics/cve-2006-3694
APPLE-SA-2007-05-24
18944
20777
CVE - 2006-3694
CVE - 2006-5467
DSA-1139
DSA-1157
DSA-1234
DSA-1235
OVAL10185
OVAL9983
RHSA-2006:0604
RHSA-2006:0729
20060801-01-P
20061101-01-P
http://oss.oracle.com/pipermail/el-errata/2006-November/000018.html
27725

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;