CVE-2017-17790 - Injection vulnerability in Ruby-Lang Ruby

ID

CVE-2017-17790
Last update

2018-08-03
Published

2017-12-20
Summary

The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations with untrusted input may be highly unlikely.
CVSS

Base: 7.5 (as of 03-08-2018 - 01:29)
Impact: n/a
Exploitability: n/a
CWE

CWE-74 - Injection
CAPEC

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
Access

Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact

Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1029.NASL
    description: According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 106404
    published: 2018-01-29
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106404
    title: EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1029)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-1FFFA787E7.NASL
    description: Fix: Multiple vulnerabilities in RubyGems https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107280
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107280
    title: Fedora 26 : ruby (2018-1fffa787e7)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1030.NASL
    description: According to the version of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 106405
    published: 2018-01-29
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/106405
    title: EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1030)
  • NASL family: Amazon Linux Local Security Checks
    NASL id: AL2_ALAS-2018-983.NASL
    description: Path traversal when writing to a symlinked basedir outside of the root RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073) Improper verification of signatures in tarball allows to install mis-signed gem : RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076) Infinite loop vulnerability due to negative size in tar header causes Denial of Service RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075) Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution : The
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 109136
    published: 2018-04-18
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/109136
    title: Amazon Linux 2 : ruby (ALAS-2018-983)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2018-40ED78700C.NASL
    description: Fix: Multiple vulnerabilities in RubyGems https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107125
    published: 2018-03-05
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107125
    title: Fedora 27 : ruby (2018-40ed78700c)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0013_LIBTIFF.NASL
    description: An update of the libtiff package has been released.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 121910
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121910
    title: Photon OS 2.0: Libtiff PHSA-2018-2.0-0013
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0100.NASL
    description: An update of 'ruby' packages of Photon OS has been released.
    last seen: 2019-02-08
    modified: 2019-02-07
    plugin id: 111912
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111912
    title: Photon OS 1.0: Ruby PHSA-2018-1.0-0100 (deprecated)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1066.NASL
    description: According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) - A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 108470
    published: 2018-03-20
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108470
    title: EulerOS 2.0 SP1 : ruby (EulerOS-SA-2018-1066)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2018-0378.NASL
    description: An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es) : * It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) * A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107082
    published: 2018-03-01
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107082
    title: RHEL 7 : ruby (RHSA-2018:0378)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1248.NASL
    description: According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 117557
    published: 2018-09-18
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/117557
    title: EulerOS Virtualization 2.5.0 : ruby (EulerOS-SA-2018-1248)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2018-1067.NASL
    description: According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) - A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 108471
    published: 2018-03-20
    reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108471
    title: EulerOS 2.0 SP2 : ruby (EulerOS-SA-2018-1067)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1407.NASL
    description: According to the versions of the ruby packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module.(CVE-2017-17405) - The
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 124910
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124910
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : ruby (EulerOS-SA-2019-1407)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0013.NASL
    description: An update of {'libtiff', 'openjdk8', 'ruby'} packages of Photon OS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111283
    published: 2018-07-24
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111283
    title: Photon OS 2.0 : libtiff / openjdk8 / ruby (PhotonOS-PHSA-2018-2.0-0013) (deprecated)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1221.NASL
    description: Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary commands. CVE-2017-17790 A command injection vulnerability in lib/resolv.rb
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 105428
    published: 2017-12-26
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/105428
    title: Debian DLA-1221-1 : ruby1.9.1 security update
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20180228_RUBY_ON_SL7_X.NASL
    description: Security Fix(es) : - It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) - A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107084
    published: 2018-03-01
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107084
    title: Scientific Linux Security Update : ruby on SL7.x x86_64
  • NASL family: NewStart CGSL Local Security Checks
    NASL id: NEWSTART_CGSL_NS-SA-2019-0013_RUBY.NASL
    description: The remote NewStart CGSL host, running version MAIN 5.04, has ruby packages installed that are affected by multiple vulnerabilities: - A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 127164
    published: 2019-08-12
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/127164
    title: NewStart CGSL MAIN 5.04 : ruby Multiple Vulnerabilities (NS-SA-2019-0013)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2018-0378.NASL
    description: An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es) : * It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) * A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107270
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107270
    title: CentOS 7 : ruby (CESA-2018:0378)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3528-1.NASL
    description: It was discovered that Ruby incorrectly handled certain terminal emulator escape sequences. An attacker could use this to execute arbitrary code via a crafted user name. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-10784) It was discovered that Ruby incorrectly handled certain strings. An attacker could use this to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14033) It was discovered that Ruby incorrectly handled some generating JSON. An attacker could use this to possible expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2017-14064) It was discovered that Ruby incorrectly handled certain inputs. An attacker could use this to execute arbitrary code. (CVE-2017-17790). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 105751
    published: 2018-01-11
    reporter: Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105751
    title: Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : ruby1.9.1, ruby2.3 vulnerabilities (USN-3528-1)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0013_OPENJDK8.NASL
    description: An update of the openjdk8 package has been released.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 121911
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121911
    title: Photon OS 2.0: Openjdk8 PHSA-2018-2.0-0013
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4259.NASL
    description: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure. This update also fixes several issues in RubyGems which could allow an attacker to use specially crafted gem files to mount cross-site scripting attacks, cause denial of service through an infinite loop, write arbitrary files, or run malicious code.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 111468
    published: 2018-08-02
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111468
    title: Debian DSA-4259-1 : ruby2.3 - security update
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1222.NASL
    description: Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2017-17405 A command injection vulnerability in Net::FTP might allow a malicious FTP server the execution of arbitrary commands. CVE-2017-17790 A command injection vulnerability in lib/resolv.rb
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 105429
    published: 2017-12-26
    reporter: This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/105429
    title: Debian DLA-1222-1 : ruby1.8 security update
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2018-983.NASL
    description: Path traversal when writing to a symlinked basedir outside of the root RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Directory Traversal vulnerability in install_location function of package.rb that can result in path traversal when writing to a symlinked basedir outside of the root. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000073) Improper verification of signatures in tarball allows to install mis-signed gem : RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Verification of Cryptographic Signature vulnerability in package.rb that can result in a mis-signed gem could be installed, as the tarball would contain multiple gem signatures.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000076) Infinite loop vulnerability due to negative size in tar header causes Denial of Service RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a infinite loop caused by negative size vulnerability in ruby gem package tar header that can result in a negative size could cause an infinite loop.. This vulnerability appears to have been fixed in 2.7.6. (CVE-2018-1000075) Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution : The
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 108846
    published: 2018-04-06
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/108846
    title: Amazon Linux AMI : ruby20 / ruby22,ruby23,ruby24 (ALAS-2018-983)
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-2_0-0013_RUBY.NASL
    description: An update of the ruby package has been released.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 121912
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121912
    title: Photon OS 2.0: Ruby PHSA-2018-2.0-0013
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2018-1_0-0100_RUBY.NASL
    description: An update of the ruby package has been released.
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 121801
    published: 2019-02-07
    reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/121801
    title: Photon OS 1.0: Ruby PHSA-2018-1.0-0100
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1421.NASL
    description: Multiple vulnerabilities were found in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-9096 SMTP command injection in Net::SMTP via CRLF sequences in a RCPT TO or MAIL FROM command. CVE-2016-2339 Exploitable heap overflow in Fiddle::Function.new. CVE-2016-7798 Incorrect handling of initialization vector in the GCM mode in the OpenSSL extension. CVE-2017-0898 Buffer underrun vulnerability in Kernel.sprintf. CVE-2017-0899 ANSI escape sequence vulnerability in RubyGems. CVE-2017-0900 DoS vulnerability in the RubyGems query command. CVE-2017-0901 gem installer allowed a malicious gem to overwrite arbitrary files. CVE-2017-0902 RubyGems DNS request hijacking vulnerability. CVE-2017-0903 Max Justicz reported that RubyGems is prone to an unsafe object deserialization vulnerability. When parsed by an application which processes gems, a specially crafted YAML formatted gem specification can lead to remote code execution. CVE-2017-10784 Yusuke Endoh discovered an escape sequence injection vulnerability in the Basic authentication of WEBrick. An attacker can take advantage of this flaw to inject malicious escape sequences to the WEBrick log and potentially execute control characters on the victim
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 111081
    published: 2018-07-16
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/111081
    title: Debian DLA-1421-1 : ruby2.1 security update
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2018-0378.NASL
    description: From Red Hat Security Advisory 2018:0378 : An update for ruby is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es) : * It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405) * A buffer underflow was found in ruby
    last seen: 2020-01-01
    modified: 2020-01-02
    plugin id: 107080
    published: 2018-03-01
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107080
    title: Oracle Linux 7 : ruby (ELSA-2018-0378)
Redhat

advisories
  • bugzilla
    id: 1528218
    title: CVE-2017-17790 ruby: Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code execution
    oval
    OR
    • comment: Red Hat Enterprise Linux must be installed
      oval: oval:com.redhat.rhba:tst:20070026004
    • AND
      • comment: Red Hat Enterprise Linux 7 is installed
        oval: oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment: rubygem-rdoc is earlier than 0:4.0.0-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378001
          • comment: rubygem-rdoc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912006
        • AND
          • comment: ruby-irb is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378003
          • comment: ruby-irb is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910018
        • AND
          • comment: rubygems is earlier than 0:2.0.14.1-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378005
          • comment: rubygems is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20131441002
        • AND
          • comment: rubygem-bigdecimal is earlier than 0:1.2.0-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378007
          • comment: rubygem-bigdecimal is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912016
        • AND
          • comment: rubygem-json is earlier than 0:1.7.7-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378009
          • comment: rubygem-json is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912012
        • AND
          • comment: ruby is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378011
          • comment: ruby is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910014
        • AND
          • comment: ruby-libs is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378013
          • comment: ruby-libs is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910010
        • AND
          • comment: rubygem-io-console is earlier than 0:0.4.2-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378015
          • comment: rubygem-io-console is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912008
        • AND
          • comment: rubygem-psych is earlier than 0:2.0.0-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378017
          • comment: rubygem-psych is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912018
        • AND
          • comment: ruby-tcltk is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378019
          • comment: ruby-tcltk is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910008
        • AND
          • comment: ruby-devel is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378021
          • comment: ruby-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20110910006
        • AND
          • comment: rubygems-devel is earlier than 0:2.0.14.1-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378023
          • comment: rubygems-devel is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912028
        • AND
          • comment: rubygem-rake is earlier than 0:0.9.6-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378025
          • comment: rubygem-rake is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912026
        • AND
          • comment: ruby-doc is earlier than 0:2.0.0.648-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378027
          • comment: ruby-doc is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912024
        • AND
          • comment: rubygem-minitest is earlier than 0:4.3.2-33.el7_4
            oval: oval:com.redhat.rhsa:tst:20180378029
          • comment: rubygem-minitest is signed with Red Hat redhatrelease2 key
            oval: oval:com.redhat.rhsa:tst:20141912030
    rhsa
    id: RHSA-2018:0378
    released: 2018-02-28
    severity: Important
    title: RHSA-2018:0378: ruby security update (Important)
  • rhsa
    id: RHSA-2018:0583
  • rhsa
    id: RHSA-2018:0584
  • rhsa
    id: RHSA-2018:0585
rpms
  • rubygem-rdoc-0:4.0.0-33.el7_4
  • ruby-irb-0:2.0.0.648-33.el7_4
  • rubygems-0:2.0.14.1-33.el7_4
  • rubygem-bigdecimal-0:1.2.0-33.el7_4
  • rubygem-json-0:1.7.7-33.el7_4
  • ruby-0:2.0.0.648-33.el7_4
  • ruby-libs-0:2.0.0.648-33.el7_4
  • rubygem-io-console-0:0.4.2-33.el7_4
  • rubygem-psych-0:2.0.0-33.el7_4
  • ruby-tcltk-0:2.0.0.648-33.el7_4
  • ruby-devel-0:2.0.0.648-33.el7_4
  • rubygems-devel-0:2.0.14.1-33.el7_4
  • rubygem-rake-0:0.9.6-33.el7_4
  • ruby-doc-0:2.0.0.648-33.el7_4
  • rubygem-minitest-0:4.3.2-33.el7_4
Refmap

confirm: https://github.com/ruby/ruby/pull/1777
debian: DSA-4259
mlist
  • [debian-lts-announce] 20171225 [SECURITY] [DLA 1221-1] ruby1.9.1 security update
  • [debian-lts-announce] 20171225 [SECURITY] [DLA 1222-1] ruby1.8 security update
  • [debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update