CVE-2006-3694

NameCVE-2006-3694
DescriptionMultiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1139-1, DSA-1157
NVD severitymedium (attack range: remote)
Debian Bugs378029
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ruby1.8 (PTS)squeeze (security), squeeze1.8.7.302-2squeeze2fixed
squeeze (lts)1.8.7.302-2squeeze3fixed
wheezy1.8.7.358-7.1+deb7u1fixed
wheezy (security)1.8.7.358-7.1+deb7u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ruby1.6sourcesarge1.6.8-12sarge2mediumDSA-1139-1
ruby1.8source(unstable)1.8.4-3medium378029
ruby1.8sourcesarge1.8.2-7sarge4mediumDSA-1157
ruby1.9source(unstable)1.9.0+20060609-1medium

Search for package or bug name: Reporting problems