Debian Security Advisory 1157-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service.
80f0c222dedc9f7ade77c3e9a5db07f4a0afb9e56c2f6e35d20d8ec5a70b59bcDebian Security Advisory 1139-1 - It was discovered that the interpreter for the Ruby language does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
d7c0387fbe01d5c5bf8ef1a5cd20dcc99ffc162c6315d4230460c78a0927ba03Mandriva Linux Security Advisory MDKSA-2006-134 - A number of flaws were discovered in the safe-level restrictions in the Ruby language. Because of these flaws, it would be possible for an attacker to create a carefully crafted malicious script that could allow them to bypass certain safe-level restrictions.
6fd312b98f4ecc1065358bb1f845e446f01ac335c208ce0b7bf10c6b1dd51344OpenPKG Security Advisory OpenPKG-SA-2006.016 - Multiple unspecified vulnerabilities in the Ruby programming language allow remote attackers to bypass "safe level" checks via unspecified vectors involving the "alias" function, directory operations and regular expressions.
8f897b645d525dd78eeb3792352c96d7f00b3d90a9db7a9350489cbd372b5f18Ubuntu Security Notice USN-325-1 - ruby1.8 suffer from flaws where the alias function, certain directory operations, and regular expressions did not correctly implement safe levels. Depending on the application these flaws might allow attackers to bypass safe level restrictions and perform unintended operations.
9c1a6992c54e44376d86b629d30ceea887c1f54569b11165a6763e0d35aa4d22
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed