Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2006:134 (ruby)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.57142

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2006:134 (ruby)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to ruby
announced via advisory MDKSA-2006:134.

A number of flaws were discovered in the safe-level restrictions in
the Ruby language. Because of these flaws, it would be possible for
an attacker to create a carefully crafted malicious script that could
allow them to bypass certain safe-level restrictions.

Updated packages have been patched to correct this issue.

Affected: 2006.0, Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:134

Risk factor : High

CVSS Score:
6.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-3694
BugTraq ID: 18944
http://www.securityfocus.com/bid/18944
Debian Security Information: DSA-1139 (Google Search)
http://www.debian.org/security/2006/dsa-1139
Debian Security Information: DSA-1157 (Google Search)
http://www.debian.org/security/2006/dsa-1157
http://jvn.jp/jp/JVN%2313947696/index.html
http://jvn.jp/jp/JVN%2383768862/index.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
http://www.osvdb.org/27144
http://www.osvdb.org/27145
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983
http://www.redhat.com/support/errata/RHSA-2006-0604.html
http://secunia.com/advisories/21009
http://secunia.com/advisories/21233
http://secunia.com/advisories/21236
http://secunia.com/advisories/21272
http://secunia.com/advisories/21337
http://secunia.com/advisories/21598
http://secunia.com/advisories/21657
http://secunia.com/advisories/21749
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
SuSE Security Announcement: SUSE-SR:2006:021 (Google Search)
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.ubuntu.com/usn/usn-325-1
http://www.vupen.com/english/advisories/2006/2760
XForce ISS Database: ruby-alias-directory-security-bypass(27725)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27725

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.57142
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2006:134 (ruby)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to ruby announced via advisory MDKSA-2006:134. A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions. Updated packages have been patched to correct this issue. Affected: 2006.0, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:134 Risk factor : High CVSS Score: 6.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3694 BugTraq ID: 18944 http://www.securityfocus.com/bid/18944 Debian Security Information: DSA-1139 (Google Search) http://www.debian.org/security/2006/dsa-1139 Debian Security Information: DSA-1157 (Google Search) http://www.debian.org/security/2006/dsa-1157 http://jvn.jp/jp/JVN%2313947696/index.html http://jvn.jp/jp/JVN%2383768862/index.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:134 http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html http://www.osvdb.org/27144 http://www.osvdb.org/27145 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983 http://www.redhat.com/support/errata/RHSA-2006-0604.html http://secunia.com/advisories/21009 http://secunia.com/advisories/21233 http://secunia.com/advisories/21236 http://secunia.com/advisories/21272 http://secunia.com/advisories/21337 http://secunia.com/advisories/21598 http://secunia.com/advisories/21657 http://secunia.com/advisories/21749 SGI Security Advisory: 20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SuSE Security Announcement: SUSE-SR:2006:021 (Google Search) http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.ubuntu.com/usn/usn-325-1 http://www.vupen.com/english/advisories/2006/2760 XForce ISS Database: ruby-alias-directory-security-bypass(27725) https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com