BDU:2015-01757

Опубликовано: 21 июл. 2006

Источник: fstec

CVSS2: 6.4

EPSS Низкий

Описание

Множественные уязвимости пакета libruby1.6 операционной системы Debian GNU/Linux, эксплуатация которых может привести к нарушению конфиденциальности и целостности защищаемой информации. Эксплуатация уязвимостей может быть осуществлена удаленно.

Вендор

Сообщество свободного программного обеспечения

Наименование ПО

Debian GNU/Linux

Версия ПО

до 3.1 (Debian GNU/Linux)

Тип ПО

Операционная система

Операционные системы и аппаратные платформы

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 6,4)

Возможные меры по устранению уязвимости

Проблема может быть решена обновлением операционной системы до следующих версий пакетов в зависимости от архитектуры:

Debian GNU/Linux 3.1:

ppc:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

s390x:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

m68k:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

i686:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

arm:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

sparc:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

x86-64:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

alpha:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

ia64:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

mips:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

noarch:

irb1.6 - 1.6.8-12sarge2

ruby1.6-elisp - 1.6.8-12sarge2

ruby1.6-examples - 1.6.8-12sarge2

mipsel:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

hppa:

libcurses-ruby1.6 - 1.6.8-12sarge2

libdbm-ruby1.6 - 1.6.8-12sarge2

libgdbm-ruby1.6 - 1.6.8-12sarge2

libpty-ruby1.6 - 1.6.8-12sarge2

libreadline-ruby1.6 - 1.6.8-12sarge2

libruby1.6 - 1.6.8-12sarge2

libruby1.6-dbg - 1.6.8-12sarge2

libsdbm-ruby1.6 - 1.6.8-12sarge2

libsyslog-ruby1.6 - 1.6.8-12sarge2

libtcltk-ruby1.6 - 1.6.8-12sarge2

libtk-ruby1.6 - 1.6.8-12sarge2

ruby1.6 - 1.6.8-12sarge2

ruby1.6-dev - 1.6.8-12sarge2

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 90%

0.05392

Низкий

6.4 Medium

CVSS2

Связанные уязвимости

CVE-2006-3694

ubuntu

около 19 лет назад

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

CVE-2006-3694

redhat

около 19 лет назад

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

CVE-2006-3694

nvd

около 19 лет назад

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

CVE-2006-3694

debian

около 19 лет назад

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...

GHSA-rx2v-jmvm-3c4h

github

больше 3 лет назад

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

EPSS

Процентиль: 90%

0.05392

Низкий

6.4 Medium

CVSS2