BUGTRAQ ID: 26421
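CVE ID: CVE-2007-5770
CNCVE ID: CNCVE-20075770
Yukihiro Matsumoto Ruby is an interpreted, convenient, object-oriented scripting language.
Several libraries included with Ruby have a flaw in X.509 certificate validation; a remote attacker can exploit it to carry out man-in-the-middle attacks and obtain sensitive information.
Several Ruby Net modules mishandle SSL certificate validation: the libraries do not check the common name (CN) in the SSL server certificate against the requested host name, which can lead to man-in-the-middle attacks. An attacker can use this to sniff sensitive information.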
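The following added example (not from the advisory or from the Ruby project) shows why chain validation alone is insufficient: a certificate can verify against the trust store and still fail the host name check. The host names, the self-signed sample certificate and the `check_peer` helper are constructed for illustration; on a live connection the same identity check is available as `OpenSSL::SSL::SSLSocket#post_connection_check`.

```ruby
require "openssl"

# Constructed sample: a self-signed certificate whose only identity is its CN.
def build_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Hypothetical helper: runs both checks a client needs before trusting a peer.
# chain_ok: the certificate verifies against the trusted certificates.
# host_ok:  the certificate's name matches the host the client asked for.
def check_peer(cert, trusted_certs, requested_host)
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |c| store.add_cert(c) }
  chain_ok = store.verify(cert)
  host_ok = OpenSSL::SSL.verify_certificate_identity(cert, requested_host)
  { chain_ok: chain_ok, host_ok: host_ok, accept: chain_ok && host_ok }
end

if __FILE__ == $0
  # Constructed names: the certificate is issued for other.example.net.
  cert = build_cert("other.example.net")
  ["mail.example.com", "other.example.net"].each do |host|
    puts "#{host}: #{check_peer(cert, [cert], host).inspect}"
  end
end
```

A client that stops after `chain_ok` accepts the certificate for any requested host, which is the behaviour this advisory describes.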
Yukihiro Matsumoto Ruby 1.8.6
Yukihiro Matsumoto Ruby 1.8.5
Yukihiro Matsumoto Ruby 1.8.4
Yukihiro Matsumoto Ruby 1.8.3
Yukihiro Matsumoto Ruby 1.8.2 pre4
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre3
+ Gentoo Linux
Yukihiro Matsumoto Ruby 1.8.2 pre2
Yukihiro Matsumoto Ruby 1.8.2 pre1
Yukihiro Matsumoto Ruby 1.8.2
+ RedHat Fedora Core4
+ RedHat Fedora Core3
Yukihiro Matsumoto Ruby 1.8.1
+ RedHat Fedora Core3
+ RedHat Fedora Core2
Yukihiro Matsumoto Ruby 1.8
+ RedHat Fedora Core3
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Yukihiro Matsumoto Ruby 1.6.8
Yukihiro Matsumoto Ruby 1.6.7
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Yukihiro Matsumoto Ruby 1.6
RedHat Enterprise Linux Desktop Workstation v. 5 client
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux v. 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
Vendor solution
This vulnerability was fixed in Ruby's SVN repository on 2007-10-08:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656