Multiple vulnerability in Ruby RubyGems

1) Denial of service

EUVDB-ID: #VU8055

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0900

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to insufficient validation of user-supplied input. A local attacker can supply a specially crafted 'query' command and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 2.6.13.

Vulnerable software versions

RubyGems: 2.2.0 - 2.4.1

External links

http://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

EUVDB-ID: #VU8056

Risk: Low

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0899

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to unknown error. A remote attacker can escape ANSI.

Mitigation

Update to version 2.6.13.

Vulnerable software versions

RubyGems: 2.2.0 - 2.4.1

External links

http://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU8057

Risk: Medium

CVSSv3.1: 7.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-0901

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the target system.

The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into installing a specially crafted RubyGem and overwrite arbitrary files.

Mitigation

Update to version 2.6.13.

Vulnerable software versions

RubyGems: 2.2.0 - 2.4.1

External links

http://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Session hijacking

EUVDB-ID: #VU8058

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0902

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to hijack the target user's session.

The weakness exists due to improper access control. A remote attacker can hijack DNS sessions.

Mitigation

Update to version 2.6.13.

Vulnerable software versions

RubyGems: 2.2.0 - 2.4.1

External links

http://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.