SB2017010603 - Multiple vulnerabilities in Ruby

Security Bulletin ID SB2017010603

Severity

High

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2016-2336)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Type confusion exists in two methods of Ruby's WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>

2) Input validation error (CVE-ID: CVE-2016-2337)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. <a href="http://cwe.mitre.org/data/definitions/843.html">CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a>

3) Buffer overflow (CVE-ID: CVE-2016-2339)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An exploitable heap overflow vulnerability exists in the Fiddle::Function.new "initialize" function functionality of Ruby. In Fiddle::Function.new "initialize" heap buffer "arg_types" allocation is made based on args array length. Specially constructed object passed as element of args array can increase this array size after mentioned allocation and cause heap overflow.

Remediation

Install update from vendor's website.

SB2017010603 - Multiple vulnerabilities in Ruby

Breakdown by Severity

Description

Remediation

References

Please verify you're human