CVE-2006-3694

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://jvn.jp/jp/JVN%2313947696/index.html
http://jvn.jp/jp/JVN%2383768862/index.html
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html
http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html
http://secunia.com/advisories/21009	Patch Vendor Advisory
http://secunia.com/advisories/21233	Patch Vendor Advisory
http://secunia.com/advisories/21236	Patch Vendor Advisory
http://secunia.com/advisories/21272	Patch Vendor Advisory
http://secunia.com/advisories/21337	Patch Vendor Advisory
http://secunia.com/advisories/21598
http://secunia.com/advisories/21657
http://secunia.com/advisories/21749
http://www.debian.org/security/2006/dsa-1139	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-1157
http://www.mandriva.com/security/advisories?name=MDKSA-2006:134
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://www.osvdb.org/27144
http://www.osvdb.org/27145
http://www.redhat.com/support/errata/RHSA-2006-0604.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/18944	Patch
http://www.ubuntu.com/usn/usn-325-1	Patch
http://www.vupen.com/english/advisories/2006/2760
https://exchange.xforce.ibmcloud.com/vulnerabilities/27725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2:::::::*
	cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3:::::::*
	cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4:::::::*

History

No history.

Information

Published : 2006-07-21 14:03

Updated : 2023-12-10 10:28

NVD link : CVE-2006-3694

Mitre link : CVE-2006-3694

CVE.ORG link : CVE-2006-3694

JSON object : View

Products Affected

yukihiro_matsumoto

ruby

CWE

NVD-CWE-Other

{"id": "CVE-2006-3694", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/jp/JVN%2313947696/index.html", "source": "cve@mitre.org"}, {"url": "http://jvn.jp/jp/JVN%2383768862/index.html", "source": "cve@mitre.org"}, {"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html", "source": "cve@mitre.org"}, {"url": "http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21009", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21233", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21236", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21272", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21337", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21598", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21657", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/21749", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1139", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1157", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:134", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2006_21_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27144", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/27145", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0604.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/18944", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-325-1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2760", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27725", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \"safe level\" checks via unspecified vectors involving (1) the alias function and (2) \"directory operations\"."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Ruby anterior a 1.8.5 permite a atacantes remotos evitar la validaci\u00f3n \"nivel de seguro\" a trav\u00e9s de vectores no especificados afectando a la funci\u00f3n (1)alias y (2) \"operaciones de directorio\"."}], "lastModified": "2017-10-11T01:31:05.937", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A297F510-49B6-4038-B256-D24AEE5B2E53"}, {"criteria": "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C92061D-1279-411C-95ED-89DE07B1FD06"}, {"criteria": "cpe:2.3:a:yukihiro_matsumoto:ruby:1.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF848DA-AF77-427B-A6D1-582844F38C05"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}