Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-5770
Last Modified: 07 Mar 2011 10:01:16
Published: 13 Nov 2007 08:46:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5770

Summary

The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, and (5) Net::smtp libraries in Ruby 1.8.5 and 1.8.6 do not verify that the commonName (CN) field in a server certificate matches the domain name in a request sent over SSL, which makes it easier for remote attackers to intercept SSL transmissions via a man-in-the-middle attack or spoofed web site. This issue affects different components than CVE-2007-5162.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.5

  • Ruby-lang Ruby 1.8.6


References

CERT - TA07-352A

REDHAT - RHSA-2007:0965

SECUNIA - 27673

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=362081

VUPEN - ADV-2007-4238

SECTRACK - 1018938

BID - 26421

REDHAT - RHSA-2007:0961

SUSE - SUSE-SR:2007:024

MANDRIVA - MDVSA-2008:029

DEBIAN - DSA-1412

DEBIAN - DSA-1411

DEBIAN - DSA-1410

CONFIRM - http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13656

SECUNIA - 28645

SECUNIA - 28136

SECUNIA - 27818

SECUNIA - 27769

SECUNIA - 27764

SECUNIA - 27756

SECUNIA - 27576

SECUNIA - 26985

APPLE - APPLE-SA-2007-12-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179

UBUNTU - USN-596-1

SECUNIA - 29556

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 PPC)

Apple 2007-12-17 Security Update 2007-009 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 Universal)


Last Updated: 27 May 2016 10:46:16