|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200605-11] Ruby: Denial of Service Vulnerability Scan
Vulnerability Scan Summary Ruby: Denial of Service
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200605-11
(Ruby: Denial of Service)
Ruby uses blocking sockets for WEBrick and XMLRPC servers.
Impact
A possible hacker could send large amounts of data to an affected server
to block the socket and thus deny other connections to the server.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1931
http://www.ruby-lang.org/en/20051224.html
Solution:
All Ruby users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/ruby-1.8.4-r1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|