CVE-2006-1931
CVSS5.0
发布时间 :2006-04-20 17:02:00
修订时间 :2010-08-21 00:45:34
NMCOPS    

[原文]The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.


[CNNVD]Ruby XMLRPC服务器拒绝服务漏洞 (CNNVD-200604-376)

        Ruby 1.8.2之前的HTTP/XMLRPC服务器使用阻塞套接字。这使得攻击者可以借助于大量数据造成拒绝服务(阻塞连接) 。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:yukihiro_matsumoto:ruby:1.6.6
cpe:/a:yukihiro_matsumoto:ruby:1.6.3
cpe:/a:yukihiro_matsumoto:ruby:1.6.4
cpe:/a:yukihiro_matsumoto:ruby:1.6.5
cpe:/a:yukihiro_matsumoto:ruby:1.6.1
cpe:/a:yukihiro_matsumoto:ruby:1.6.2
cpe:/a:yukihiro_matsumoto:ruby:1.8.1
cpe:/a:yukihiro_matsumoto:ruby:1.8
cpe:/a:yukihiro_matsumoto:ruby:1.6.7
cpe:/a:yukihiro_matsumoto:ruby:1.6

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11100The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections)...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1931
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-376
(官方数据源) CNNVD

- 其它链接及资源

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
(PATCH)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540
http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
(PATCH)  MISC  http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-dev/27787
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
(PATCH)  MISC  ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-webrick-dos-1.patch
http://xforce.iss.net/xforce/xfdb/26102
(UNKNOWN)  XF  ruby-socket-dos(26102)
http://www.ubuntulinux.org/support/documentation/usn/usn-273-1
(UNKNOWN)  UBUNTU  USN-273-1
http://www.securityfocus.com/bid/17645
(UNKNOWN)  BID  17645
http://www.redhat.com/support/errata/RHSA-2006-0427.html
(UNKNOWN)  REDHAT  RHSA-2006:0427
http://www.osvdb.org/24972
(UNKNOWN)  OSVDB  24972
http://www.novell.com/linux/security/advisories/2006-06-02.html
(UNKNOWN)  SUSE  SUSE-SR:2006:012
http://www.mandriva.com/security/advisories?name=MDKSA-2006:079
(UNKNOWN)  MANDRIVA  MDKSA-2006:079
http://www.gentoo.org/security/en/glsa/glsa-200605-11.xml
(UNKNOWN)  GENTOO  GLSA-200605-11
http://www.debian.org/security/2006/dsa-1157
(UNKNOWN)  DEBIAN  DSA-1157
http://securitytracker.com/id?1015978
(UNKNOWN)  SECTRACK  1015978
http://secunia.com/advisories/21657
(UNKNOWN)  SECUNIA  21657
http://secunia.com/advisories/20457
(UNKNOWN)  SECUNIA  20457
http://secunia.com/advisories/20064
(UNKNOWN)  SECUNIA  20064
http://secunia.com/advisories/20024
(UNKNOWN)  SECUNIA  20024
http://secunia.com/advisories/19804
(UNKNOWN)  SECUNIA  19804
http://secunia.com/advisories/19772
(UNKNOWN)  SECUNIA  19772
http://secunia.com/advisories/16904
(UNKNOWN)  SECUNIA  16904
ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch
(UNKNOWN)  MISC  ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.2-xmlrpc-dos-1.patch

- 漏洞信息

Ruby XMLRPC服务器拒绝服务漏洞
中危 设计错误
2006-04-20 00:00:00 2006-04-24 00:00:00
远程  
        Ruby 1.8.2之前的HTTP/XMLRPC服务器使用阻塞套接字。这使得攻击者可以借助于大量数据造成拒绝服务(阻塞连接) 。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Yukihiro Matsumoto Ruby 1.6
        Yukihiro Matsumoto ruby-1.8.3.tar.gz
        ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
        Yukihiro Matsumoto Ruby 1.6.7
        Yukihiro Matsumoto ruby-1.8.3.tar.gz
        ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
        Yukihiro Matsumoto Ruby 1.6.8
        Yukihiro Matsumoto ruby-1.8.3.tar.gz
        ftp://ftp.ruby-lang.org/pub/ruby/ruby-1.8.3.tar.gz
        Yukihiro Matsumoto Ruby 1.8
        Ubuntu irb1.8_1.8.1+1.8.2pre2-3ubuntu0.4_all.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1 +1.8.2pre2-3ubuntu0.4_all.deb
        Ubuntu irb1.8_1.8.1+1.8.2pre4-1ubuntu0.3_all.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.1 +1.8.2pre4-1ubuntu0.3_all.deb
        Ubuntu irb1.8_1.8.2-9ubuntu1.1_all.deb
        Ubuntu 5.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/irb1.8_1.8.2 -9ubuntu1.1_all.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu libbigdecimal-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libbigdecima l-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_amd64.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu libcurses-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libcurses-ru by1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
        Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre2-3ubuntu0.4_i386.deb
        Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu 4.10:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre2-3ubuntu0.4_powerpc.deb
        Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre4-1ubuntu0.3_amd64.deb
        Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu 5.04:
        http://security.ubuntu.com/ubuntu/pool/universe/r/ruby1.8/libdbm-ruby1 .8_1.8.1+1.8.2pre4-1ubuntu0.3_i386.deb
        Ubuntu libdbm-ruby1.8_1.8.1+1.8.2pre4-1ubuntu0.3_powerpc.deb
        Ubuntu 5.04:
        http:/

- 漏洞信息 (F49489)

Debian Linux Security Advisory 1157-1 (PacketStormID:F49489)
2006-08-28 00:00:00
Debian  debian.org
advisory,denial of service,vulnerability,ruby
linux,debian
CVE-2006-3694,CVE-2006-1931
[点击下载]

Debian Security Advisory 1157-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to the bypass of security restrictions or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1157-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 27th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ruby1.8
Vulnerability  : several
Problem-Type   : local/remote
Debian-specific: no
CVE ID         : CVE-2006-3694 CVE-2006-1931
Debian Bug     : 378029 365520

Several vulnerabilities have been discovered in the interpreter for the
Ruby language, which may lead to the bypass of security restrictions or
denial of service. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2006-1931

    It was discovered that the use of blocking sockets can lead to denial
    of service.

CVE-2006-3964

    It was discovered that Ruby does not properly maintain "safe levels"
    for aliasing, directory accesses and regular expressions, which might
    lead to a bypass of security restrictions.

For the stable distribution (sarge) these problem have been fixed in
version 1.8.2-7sarge4.

For the stable distribution (sarge) these problem have been fixed in
version 1.8.4-3.

We recommend that you upgrade your Ruby packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4.dsc
      Size/MD5 checksum:     1024 0f42db3f568c8a28797041bc76742a7b
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4.diff.gz
      Size/MD5 checksum:   535830 da280b20362a19963108500d237c3a8f
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
      Size/MD5 checksum:  3623780 4bc5254bec262d18cf1ceef03aae8bdf

  Architecture independent components:

    http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge4_all.deb
      Size/MD5 checksum:   166472 c82c13c986fda2d4e64c72cf3e368ca6
    http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge4_all.deb
      Size/MD5 checksum:   234400 f40e4c9ddff692869af976134de0704a
    http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge4_all.deb
      Size/MD5 checksum:   704702 094e28cb85bcf7804cd7eeb84cff6e1f
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge4_all.deb
      Size/MD5 checksum:   142548 dc06a6a0d4ae14b04ea3b21b92e66997
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge4_all.deb
      Size/MD5 checksum:   216598 603b6d3361826f30226b7b8b1f2a9c93

  Alpha architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   136026 807f7fda3208e977b2bffdf649bd2166
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   137576 d858c25b2b1390a9fe888af573176c1b
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   237652 adde3854460982f99debe4d0dd4e3611
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   133486 dc5240098ab298aa839d5b8953f06336
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:  1468512 7f23445d54c15533296abc18317f3d6e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   827130 7ec4b9f408ede065e8cc4fe77c7aa1aa
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:  1450272 04aa5f52204fb26ac63fbac27101f9cc
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   152018 8aa3bb2213a4e9bc7f53ce250676edaf
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_alpha.deb
      Size/MD5 checksum:   796146 38ebfeb190ebd27bd3230ae155e3afdc

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   135380 dcd3a9b7ed2debe1192eafd811cc2a30
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   136864 972f42e18a6455acdf0ed0e45e3fe7e3
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   234106 34413e0afb46cb5d577e8baef662a63e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   132698 e951c72555b76c479b70a6110c8993d2
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:  1392474 6110d5660508195defca1dd1f65477da
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   780828 23c14bdfef75c3dfe0fd32914e74cd37
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:  1446784 aa3b824ba6533e9b1ce9ecfdf84f401e
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   151690 f787d84515ecf0b3cbba386a242deb37
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_amd64.deb
      Size/MD5 checksum:   649210 1f3dea3652f874a9cb3cbb4cc6d77ba1

  ARM architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   134428 4a362966ed1ad169e878c6408dcd48e7
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   135530 43c141fd022dd720e0463990be7c15d0
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   222454 b9d6211eaad9a7247e32dfa7836e6c83
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   131800 8c52d291f37faa0a38863c3a1f8eb284
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:  1348400 2c4390fcc2f207187b7978cf6b5925f7
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   743880 e4acd222cbcd2b445104a1a3647cb177
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:  1441128 fb9d0a695992a182688cdedb357f564a
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   151516 686852b27971731b433616500a40758a
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_arm.deb
      Size/MD5 checksum:   660510 fb8a5bffad8fffaeccde7119727c2ac5

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   134974 9a562d9d0e760290d518c70fb43b1d03
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   136230 189c3922b12e4edad0f4f295cf9ef20c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   224910 ec8a78d370769c1c64be9f4469637db1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   131962 7f4440175d0bfabf3cbb9d0fbf1e77fe
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:  1349876 b16401fe0f1c0c5a0394434895d03bce
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   758398 225bcd1dccde74c40d9cb481651eeb52
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:  1440060 a558caaed9f6b83b7308e3d7e7577db8
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   151532 3beddf1ae51a2725f8bf1877da2a4dba
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_i386.deb
      Size/MD5 checksum:   622656 1c8f2def939b021de558de46e6b716ac

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   138634 64b224087992880a7f0a67b334fe135e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   140474 6dd684c7a416f3d61b4410b1d595dafb
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   265676 9820368a516fae339f0944a19b643833
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   135826 4a7f21b331a3b72b2a5afe5d281ef47e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:  1704080 b88a562c3b95a1fe4c39b41f936020e9
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   998702 59784e3a7aa62bf754012b54b8666a53
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:  1462992 82815c6dd500ea9048d48373c6df0fd5
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   152426 1edf23fe3ee94ed0779f9d17c6f6a45d
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_ia64.deb
      Size/MD5 checksum:   867604 a36fd72bf3830bb3ff8fbdf8958bfc94

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   136584 e73699a1e393cdc62240474957a64edc
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   138254 612dc4a3b954713ee5a976fdd80bfa46
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   246920 ea9227aa042a57c9564257fc4b62a5fb
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   133754 434e4204ccf113ff9be4c3173c06ff06
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:  1501082 b48824cb69d09c776fa4256aa2b57280
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   840010 f6fc7ee7a7d01e3c3a68d90f8102afb4
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:  1453678 d877e7fb7c7728993b842f6d03217759
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   152086 8f7c0cd93ed8929dec058b2e11ff1645
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_hppa.deb
      Size/MD5 checksum:   736084 22eb743d8899fccc9d820265a5e76e5a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   134464 798af7f09557e268a4433d199666b333
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   135854 cad46d59bc0a0b56d3a4471ed631ca06
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   230828 33f456639bbf803958fd4850e565aa63
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   132144 172851ed73cdf8781c284d61fb41ec13
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:  1332946 777e0a410960a5913e32cf420ddfc46d
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   730192 2d6c4b987120f0def85f9dd37b05bd1c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:  1439628 eb8dd3c1c74d95d58286f32f6a4842e3
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   151472 7ff1674935d95c5791258a0e49551acb
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_m68k.deb
      Size/MD5 checksum:   553242 498fa7137cd27bfe7620cf0213374ff9

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   134234 d657ed24d30b806aa7a12f47caa5e4a7
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   135612 61542850bde3de58214669b7237164b1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   215544 d01de62331e23d10f93381e8843c762e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   131698 f39973c63a3bd368e0d65dd4b25374d6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:  1356152 64bf3bd8441ef587257d891bb2f729c7
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   763910 3ad50b753b362dead5b474f0bbd368a3
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:  1435982 689bd249dd3c1202c2d04f2f33626a97
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   152230 8b36c427af4e96a19e62cf3f686c5593
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_mips.deb
      Size/MD5 checksum:   684368 39ce72ac5f5d9d745bcf71ceb876a210

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   134254 79d0e90d64559a1501af99132b0005ff
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   135630 5271715069daca9838d48cb1ea49accd
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   214754 ae4da5a0ee84d4c9c9709db2c2cad248
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   131652 251d198e728430a49ff2329f81088456
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:  1357480 1041e000f2d8d3396aa5cf65a65bbedd
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   756756 c57e993c474674c7ce3089373183969c
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:  1436182 a9bb10ff23d231dbd7fab5720011ec04
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   152224 abdac4a527eceb9a58476b0546a94991
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_mipsel.deb
      Size/MD5 checksum:   678050 72b5db16d8aa6c0db7e1f6cdf9be79a1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   136824 1d9a81582e6c6cc547e169e667764dd1
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   137962 f3f2a9a88fa8ba3c5c0b9f19b306f65f
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   225128 215bc28c59e3251f0e8c854595e62d83
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   133864 6ab0ddb8daf572db17b93967e66ab9b3
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:  1406320 ca5f961b26176cc09d14048ec74620bb
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   970362 572eca14b9e1c450ff04b63d1ccb3b60
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:  1444440 2f85e5980c7e6f8c739fd393cf40701f
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   153378 4cd32ff52f2b3dcf7310de81ae9274d5
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_powerpc.deb
      Size/MD5 checksum:   621308 d23cb8ae442ea90399f1be4a72b442a3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   135864 9fc3a9279aab669468bfad78272210c6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   137214 6dd7156cf52f298684bdeb708498b128
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   239952 2667501f4051b98e4aea702235b67e39
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   133186 b857fd038443aef31f24b1b01f69add2
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:  1430936 5edf502941f45ccdfe0788a8ac6541f6
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   907238 e030a50747a33697c6d014994aef1880
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:  1447266 6d94a1aca2c0af2d35498546f8295dd2
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   151754 a0d0d7e1b6c84b2b016e237d93c3e661
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_s390.deb
      Size/MD5 checksum:   674872 9ae782c6490cb7850c6c5d2682913f74

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   134710 c4bb2481647668fa28a689a31b32ec31
    http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   135914 cad4055bf2961a3b485b7efdcf731c1b
    http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   229118 ff817082c3471dbfb99b521fbabead6e
    http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   132048 bb79fcefcfb42e1bfe795a179d4427cc
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:  1373166 92368a140ed723edc6a815101629a80b
    http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   748322 2f5752f34fcdc9ef9671f9f426a3bdb5
    http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:  1442042 909963575c3327811d103e0aa90dc7c3
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   151530 0ff292238fd5cb4aaff674f350e77317
    http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge4_sparc.deb
      Size/MD5 checksum:   646728 488c84bd4b6e2c1523f032c2a8009800


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE8fdaXm3vHE4uyloRAkynAKCQq2h7VEzQLJElpfOm8MTgGUhuJwCgxoFP
xzbrrMuuoX+dhiegwoupB0M=
=fGUS
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

24972
Ruby HTTP/XMLRPC Blocking Sockets DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-11-21 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Yukihiro Matsumoto Ruby XMLRPC Server Denial of Service Vulnerability
Design Error 17645
Yes No
2006-04-21 12:00:00 2006-12-14 06:18:00
This issue was reported to the vendor by Tanaka Akira <akr m17n.org>.

- 受影响的程序版本

Yukihiro Matsumoto Ruby 1.8.2
+ Red Hat Fedora Core4
+ Red Hat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
+ Red Hat Fedora Core3
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Yukihiro Matsumoto Ruby 1.6
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop version 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Yukihiro Matsumoto Ruby 1.8.3

- 不受影响的程序版本

Yukihiro Matsumoto Ruby 1.8.3

- 漏洞讨论

Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server.

This issue allows remote attackers to cause affected webservers to fail to respond to further legitimate requests.

Ruby versions prior to 1.8.3 are affected by this issue.

- 漏洞利用

Attackers exploit this issue with standard network utilities.

The following Ruby command will issue a request sufficient to trigger this issue:

ruby -rsocket -e 'TCPSocket.open("www.example.com", 10080) {|s|
s.print "GET /z HTTP/1.0\r\n\r\n"
sleep
}'

This is demonstrated to work with the Ruby demonstration 'httpd.rb' file. By placing a 100k file in the document root of the demonstration server called 'z', and then executing this Ruby command, further requests will be denied.

- 解决方案

Ruby version 1.8.3 is available to address this issue. Patches for version 1.8.2 are also available.

Please see the references for more information and vendor advisories.


Yukihiro Matsumoto Ruby 1.6

Yukihiro Matsumoto Ruby 1.6.7

Yukihiro Matsumoto Ruby 1.6.8

Yukihiro Matsumoto Ruby 1.8

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站