CVE-2006-3694 Information

Description

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass \safe level\ checks via unspecified vectors involving (1) the alias function and (2) \directory operations.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://jvn.jp/jp/JVN2313947696/index.html http://jvn.jp/jp/JVN2383768862/index.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html http://secunia.com/advisories/21009 http://secunia.com/advisories/21233 http://secunia.com/advisories/21236 http://secunia.com/advisories/21272 http://secunia.com/advisories/21337 http://secunia.com/advisories/21598 http://secunia.com/advisories/21657 http://secunia.com/advisories/21749 http://www.debian.org/security/2006/dsa-1139 http://www.debian.org/security/2006/dsa-1157 http://www.mandriva.com/security/advisories?name=MDKSA-2006:134 http://www.novell.com/linux/security/advisories/2006_21_sr.html http://www.osvdb.org/27144 http://www.osvdb.org/27145 http://www.redhat.com/support/errata/RHSA-2006-0604.html http://www.securityfocus.com/bid/18944 http://www.ubuntu.com/usn/usn-325-1 http://www.vupen.com/english/advisories/2006/2760 https://exchange.xforce.ibmcloud.com/vulnerabilities/27725 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9983