SB2018013102 - Ubuntu update for Ruby
Published: January 31, 2018
Security Bulletin ID
SB2018013102
CSH Severity
High
Patch available
YES
Number of vulnerabilities
3
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2017-0901)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to overwrite arbitrary files on the target system.
The weakness exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into installing a specially crafted RubyGem and overwrite arbitrary files.
2) Session hijacking (CVE-ID: CVE-2017-0902)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to hijack the target user's session.
The weakness exists due to improper access control. A remote attacker can hijack DNS sessions.
3) Deserialization of untrusted data (CVE-ID: CVE-2017-0903)
CWE-ID: CWE-502 - Deserialization of Untrusted Data
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to YAML deserialization of gem specifications. A remote attacker can inject an instance of specially crafted serialized objects, gain elevated privileges and execute arbitrary Ruby code on RubyGems.org.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.