CVE-2006-3694

Name: CVE-2006-3694
Description: Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-1139-1, DSA-1157
NVD severity: medium (attack range: remote)
Debian Bugs: 378029
Debian/oldoldstable: not vulnerable.
Debian/oldstable: not vulnerable.
Debian/stable: not known to be vulnerable.
Debian/testing: not known to be vulnerable.
Debian/unstable: not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| ruby1.8 (PTS) | squeeze, squeeze (security) | 1.8.7.302-2squeeze2 | fixed |
| | squeeze (lts) | 1.8.7.302-2squeeze4 | fixed |
| | wheezy | 1.8.7.358-7.1+deb7u1 | fixed |
| | wheezy (security) | 1.8.7.358-7.1+deb7u3 | fixed |

The information below is based on the following data on fixed versions.

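| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| ruby1.6 | source | sarge | 1.6.8-12sarge2 | medium | DSA-1139-1 | |
| ruby1.8 | source | (unstable) | 1.8.4-3 | medium | | 378029 |
| ruby1.8 | source | sarge | 1.8.2-7sarge4 | medium | DSA-1157 | |
| ruby1.9 | source | (unstable) | 1.9.0+20060609-1 | medium | | |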
