GLSA Advocate
Posted: Wed May 10, 2006 7:26 am Post subject: [ GLSA 200605-11 ] Ruby: Denial of Service
Gentoo Linux Security Advisory
Title: Ruby: Denial of Service (GLSA 200605-11)
Severity: normal
Exploitable: remote
Date: May 10, 2006
Bug(s): #130657
ID: 200605-11
Synopsis
Ruby WEBrick and XMLRPC servers are vulnerable to Denial of Service.
Background
Ruby is an interpreted scripting language for quick and easy
object-oriented programming. It comes bundled with HTTP ("WEBrick") and
XMLRPC server objects.
Affected Packages
Package: dev-lang/ruby
Vulnerable: < 1.8.4-r1
Unaffected: >= 1.8.4-r1
Architectures: All supported architectures
Description
Ruby uses blocking sockets for WEBrick and XMLRPC servers.
Impact
An attacker could send large amounts of data to an affected server
to block the socket and thus deny other connections to the server.
Workaround
There is no known workaround at this time.
Resolution
All Ruby users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"
References
CVE-2006-1931
Ruby release announcement
Last edited by GLSA on Tue Nov 05, 2013 4:22 am; edited 4 times in total
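The Description and Impact sections above attribute the denial of service to blocking sockets. The following is an added example, not part of the advisory and not the change shipped in Ruby: a sketch of a read loop that multiplexes connections with IO.select and read_nonblock so that a silent or oversized peer cannot hold up the others. The function name read_requests and the max_bytes and timeout limits are assumptions chosen for illustration.

```ruby
require "socket"

# Added illustration, not WEBrick or XMLRPC code. Reads one newline-terminated
# request from each connection without blocking on any single peer.
# max_bytes and timeout are hypothetical limits chosen for this sketch.
def read_requests(conns, max_bytes: 4096, timeout: 0.5)
  buffers  = conns.each_with_object({}) { |c, h| h[c] = String.new }
  results  = {}
  deadline = Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout

  until buffers.empty?
    remaining = deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
    break if remaining <= 0
    # Wait only for sockets that have data; a silent peer costs nothing here.
    ready, = IO.select(buffers.keys, nil, nil, remaining)
    next unless ready

    ready.each do |c|
      chunk = c.read_nonblock(1024, exception: false)
      next if chunk == :wait_readable
      if chunk.nil?
        results[c] = :closed                 # peer hung up before a full request
      else
        buffers[c] << chunk
        if buffers[c].bytesize > max_bytes
          results[c] = :too_large            # cap memory and time spent per peer
        elsif buffers[c].include?("\n")
          results[c] = :ok
        else
          next                               # partial request, keep polling
        end
      end
      buffers.delete(c)
    end
  end

  buffers.each_key { |c| results[c] = :timeout }  # never completed in time
  results
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample peers: one silent, one well-behaved, one oversized.
  silent, _s = UNIXSocket.pair
  quick, q   = UNIXSocket.pair
  big, b     = UNIXSocket.pair
  q.write("ping\n")
  b.write("A" * 8192)
  labels = { silent => "silent", quick => "quick", big => "big" }
  read_requests([silent, quick, big]).each { |c, r| puts "#{labels[c]}: #{r}" }
end
```

With a blocking read on the first connection in the list, the well-behaved peer would wait behind the silent one; here it is answered first and the silent peer is reported as timed out.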