OpenPKG Security Advisory
OpenPKG-SA-2006.030
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2006.030 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2006.030 Advisory Published: 2008-08-07 22:01 UTC Issue Id (internal): OpenPKG-SI-20061104.02 Issue First Created: 2006-11-04 Issue Last Modified: 2006-12-07 Issue Revision: 07
Subject Name: Ruby Subject Summary: The Ruby Scripting Language Subject Home: http://www.ruby-lang.org/ Subject Versions: * <= 1.8.5 Vulnerability Id: CVE-2006-5467 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: denial of service Description: According to a vendor security information [0], a Denial of Service (DoS) vulnerability exists in the CGI library of the programming language Ruby [1], versions up to and including 1.8.5. The problem is triggered by sending the library an HTTP request that uses multipart MIME encoding and has an invalid boundary specifier that begins with "-" instead of "--". Once triggered it will exhaust all available memory resources effectively creating a DoS condition. References: [0] http://www.ruby-lang.org/en/news/2006/11/03/CVE-2006-5467/ [1] http://www.ruby-lang.org/
Primary Package Name: ruby Primary Package Home: http://openpkg.org/go/package/ruby Affected Distribution: Affected Branch: Affected Package: OpenPKG Enterprise E1.0-SOLID ruby-1.8.5-E1.0.0 OpenPKG Community 2-STABLE-20061018 ruby-1.8.5-2.20061020 OpenPKG Community CURRENT ruby-1.8.5-20061013 Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Enterprise E1.0-SOLID ruby-1.8.5-E1.0.1 OpenPKG Community 2-STABLE-20061018 ruby-1.8.5-2.20061104 OpenPKG Community CURRENT ruby-1.8.5-20061104
