- Document Ruby vulnerability. [1]

- Fix URL in previous mutt entry while here. Reported by: Joel Hatton via freebsd-ports [1]
svn path=/head/; revision=169048
2025-07-18 01:39:16 -04:00 · 2006-07-29 16:34:04 +00:00 · 2006-07-29 16:34:04 +00:00 · d89df01529 · 2021-03-31 03:12:20 +00:00
commit d89df01529
parent 9c6cf0f4f1
1 changed files with 53 additions and 1 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -34,6 +34,58 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="76562594-1f19-11db-b7d4-0008743bf21a">
+    <topic>Ruby - Safe Level Security Bypass Vulnerabilities</topic>
+    <affects>
+      <package>
+        <name>ruby</name>
+        <name>ruby_static</name>
+        <range><gt>1.6.*</gt><le>1.6.8.2004.07.28_2</le></range>
+        <range><gt>1.8.*</gt><le>1.8.4_8</le></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Secunia reports:</p>
+        <blockquote cite="http://secunia.com/advisories/21009/">
+          <p>
+            Two vulnerabilities have been reported in Ruby, which can be
+            exploited by malicious people to bypass certain security
+            restrictions.
+          </p>
+
+          <ol>
+            <li>
+              An error in the handling of the "alias" functionality
+              can be exploited to bypass the safe level protection and
+              replace methods called in the trusted level.
+            </li>
+
+            <li>
+              An error caused due to directory operations not being
+              properly checked can be exploited to bypass the safe
+              level protection and close untainted directory streams.
+            </li>
+          </ol>
+
+          <p>
+            The vulnerabilities have been reported in version 1.8.4 and
+            prior.
+          </p>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2006-3694</cvename>
+      <url>http://secunia.com/advisories/21009/</url>
+      <url>http://jvn.jp/jp/JVN%2383768862/index.html</url>
+      <url>http://jvn.jp/jp/JVN%2313947696/index.html</url>
+    </references>
+    <dates>
+      <discovery>2006-07-12</discovery>
+      <entry>2006-07-29</entry>
+    </dates>
+  </vuln>
  <vuln vid="dc8c08c7-1e7c-11db-88cf-000c6ec775d9">
    <topic>apache -- mod_rewrite buffer overflow vulnerability</topic>
    <affects>
@ -590,7 +642,7 @@ Note:  Please add new entries to the beginning of this file.
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>SecurityFocus reports:</p>
-        <blockquote cite="http://http://www.securityfocus.com/bid/18642">
+        <blockquote cite="http://www.securityfocus.com/bid/18642">
          <p>
            Mutt is prone to a remote buffer-overflow vulnerability.
            This issue is due to the application's failure to properly