Red Hat Local Security Checks : RedHat Security Advisory RHSA-2006:0427

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56705

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2006:0427

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2006:0427.

Ruby is an interpreted scripting language for object-oriented programming.

A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server. (CVE-2006-1931)

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2006-0427.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: BugTraq ID: 17645
Common Vulnerability Exposure (CVE) ID: CVE-2006-1931
1015978
http://securitytracker.com/id?1015978
16904
http://secunia.com/advisories/16904
17645
http://www.securityfocus.com/bid/17645
19772
http://secunia.com/advisories/19772
19804
http://secunia.com/advisories/19804
20024
http://secunia.com/advisories/20024
20064
http://secunia.com/advisories/20064
20457
http://secunia.com/advisories/20457
21657
http://secunia.com/advisories/21657
24972
http://www.osvdb.org/24972
DSA-1157
http://www.debian.org/security/2006/dsa-1157
GLSA-200605-11
http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml
MDKSA-2006:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:079
RHSA-2006:0427
http://www.redhat.com/support/errata/RHSA-2006-0427.html
SUSE-SR:2006:012
http://www.novell.com/linux/security/advisories/2006-06-02.html
USN-273-1
https://usn.ubuntu.com/273-1/
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
oval:org.mitre.oval:def:11100
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100
ruby-socket-dos(26102)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26102

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56705
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2006:0427
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2006:0427. Ruby is an interpreted scripting language for object-oriented programming. A bug was found in the way Ruby creates its xmlrpc and http servers. The servers use a non blocking socket, which enables a remote user to cause a denial of service condition if they are able to transmit a large volume of information from the network server. (CVE-2006-1931) Users of Ruby should update to these erratum packages, which contain a backported patch and are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2006-0427.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	BugTraq ID: 17645 Common Vulnerability Exposure (CVE) ID: CVE-2006-1931 1015978 http://securitytracker.com/id?1015978 16904 http://secunia.com/advisories/16904 17645 http://www.securityfocus.com/bid/17645 19772 http://secunia.com/advisories/19772 19804 http://secunia.com/advisories/19804 20024 http://secunia.com/advisories/20024 20064 http://secunia.com/advisories/20064 20457 http://secunia.com/advisories/20457 21657 http://secunia.com/advisories/21657 24972 http://www.osvdb.org/24972 DSA-1157 http://www.debian.org/security/2006/dsa-1157 GLSA-200605-11 http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml MDKSA-2006:079 http://www.mandriva.com/security/advisories?name=MDKSA-2006:079 RHSA-2006:0427 http://www.redhat.com/support/errata/RHSA-2006-0427.html SUSE-SR:2006:012 http://www.novell.com/linux/security/advisories/2006-06-02.html USN-273-1 https://usn.ubuntu.com/273-1/ ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540 oval:org.mitre.oval:def:11100 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11100 ruby-socket-dos(26102) https://exchange.xforce.ibmcloud.com/vulnerabilities/26102
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com