| CNNVD-ID编号 | CNNVD-200604-376 |
| CVE编号 | CVE-2006-1931 |
| 发布时间 | 2006-04-20 |
| 更新时间 | 2006-04-24 |
| 漏洞类型 | 设计错误 |
| 漏洞来源 | This issue was reported to the vendor by Tanaka Akira |
| 危险等级 | 中危 |
| 威胁类型 | 远程 |
| 厂 商 | yukihiro_matsumoto |
Ruby 1.8.2之前的HTTP/XMLRPC服务器使用阻塞套接字。这使得攻击者可以借助于大量数据造成拒绝服务(阻塞连接) 。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Yukihiro Matsumoto Ruby 1.6
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.6.7
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto ruby-1.8.3.tar.gz
ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
Yukihiro Matsumoto Ruby 1.8
Ubuntu irb1.8_1.8.1+1.8.2pre2-3ubuntu0.4_all.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1 +1.8.2pre2-3ubuntu0.4_all.deb
Ubuntu irb1.8_1.8.1+1.8.2pre4-1ubuntu0.3_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1 +1.8.2pre4-1ubuntu0.3_all.deb
Ubuntu irb1.8_1.8.2-9ubuntu1.1_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.2 -9ubuntu1.1_all.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu 4.10:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
Ubuntu 5.04:
http:/
来源: bugzilla.redhat.com
链接:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
来源: MISC
链接:http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
来源: MISC
链接:链接:ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
来源: XF
名称: ruby-socket-dos(26102)
来源: UBUNTU
名称: USN-273-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-273-1
来源: BID
名称: 17645
来源: REDHAT
名称: RHSA-2006:0427
来源: OSVDB
名称: 24972
来源: SUSE
名称: SUSE-SR:2006:012
链接:http://www.novell.com/linux/security/advisories/2006-06-02.html
来源: MANDRIVA
名称: MDKSA-2006:079
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:079
来源: GENTOO
名称: GLSA-200605-11
链接:http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml
来源: DEBIAN
名称: DSA-1157
来源: SECTRACK
名称: 1015978
来源: SECUNIA
名称: 21657
来源: SECUNIA
名称: 20457
来源: SECUNIA
名称: 20064
来源: SECUNIA
名称: 20024
来源: SECUNIA
名称: 19804
来源: SECUNIA
名称: 19772
来源: SECUNIA
名称: 16904
来源: MANDRIVA
名称: MDKSA-2006:079
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:079