CVE-2006-3694

NameCVE-2006-3694
DescriptionMultiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1139-1, DSA-1157
NVD severitymedium (attack range: remote)
Debian Bugs378029

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.6sourcesarge1.6.8-12sarge2mediumDSA-1139-1
ruby1.8source(unstable)1.8.4-3medium378029
ruby1.8sourcesarge1.8.2-7sarge4mediumDSA-1157
ruby1.9source(unstable)1.9.0+20060609-1medium

Search for package or bug name: Reporting problems