Detections
Analytics

CVE-2006-3694

critical

Description

Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9983

https://exchange.xforce.ibmcloud.com/vulnerabilities/27725

http://www.vupen.com/english/advisories/2006/2760

http://www.ubuntu.com/usn/usn-325-1

http://www.securityfocus.com/bid/18944

http://www.redhat.com/support/errata/RHSA-2006-0604.html

http://www.osvdb.org/27145

http://www.osvdb.org/27144

http://www.novell.com/linux/security/advisories/2006_21_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2006:134

http://www.debian.org/security/2006/dsa-1157

http://www.debian.org/security/2006/dsa-1139

http://secunia.com/advisories/21749

http://secunia.com/advisories/21657

http://secunia.com/advisories/21598

http://secunia.com/advisories/21337

http://secunia.com/advisories/21272

http://secunia.com/advisories/21236

http://secunia.com/advisories/21233

http://secunia.com/advisories/21009

http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003915.html

http://lists.freebsd.org/pipermail/freebsd-security/2006-July/003907.html

http://jvn.jp/jp/JVN%2383768862/index.html

http://jvn.jp/jp/JVN%2313947696/index.html

Details

Source: Mitre, NVD

Published: 2006-07-21

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical