SB2018021520 - Multiple vulnerabilities in RubyGems
Published: February 15, 2018 Updated: April 10, 2018
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Path traversal (CVE-ID: CVE-2018-1000079)
The vulnerability allows a remote attacker to modify file locations on the target system. The weakness exists due to the improper handling of pathnames when the affected software installs new components. A remote attacker can persuade the victim to install a malicious RubyGems gem and use directory traversal techniques to write to arbitrary file locations.
2) Improper input validation (CVE-ID: CVE-2018-1000077)
The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.
The weakness exists due to improper URL validation of the specification homepage attribute. A remote attacker can trick the victim into installing a malicious RubyGems gem and set an invalid homepage URL.
3) Path traversal (CVE-ID: CVE-2018-1000073)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists in the install_location function of package.rb due to path traversal when writing to a symlinked basedir outside of the root. A remote attacker can gain access to potentially sensitive information.
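The two path traversal issues above (1 and 3) come down to the same check at extraction time: an entry name must resolve inside the destination both lexically and after symlinks are followed. The sketch below is an added example, not RubyGems' own code; `safe_extract_path`, `check_entries` and the sample entry names are hypothetical, and POSIX paths are assumed.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper, not RubyGems' install_location. POSIX paths assumed.
# Returns the path an archive entry may be written to, or raises ArgumentError.
def safe_extract_path(entry_name, dest_dir)
  raise ArgumentError, "absolute path: #{entry_name}" if entry_name.start_with?("/")

  root   = File.realpath(dest_dir)             # resolve symlinks in the root itself
  target = File.expand_path(entry_name, root)  # lexical only: collapses ".."
  inside = ->(p) { p.start_with?(root + File::SEPARATOR) }
  raise ArgumentError, "escapes destination: #{entry_name}" unless inside.(target)

  # Writing through an existing symlink would follow it out of the tree.
  raise ArgumentError, "target is a symlink: #{entry_name}" if File.symlink?(target)
  # The lexical check cannot see a symlinked parent directory, so resolve the
  # deepest existing ancestor and confirm it is still under the real root.
  parent = File.dirname(target)
  parent = File.dirname(parent) until File.exist?(parent) || File.symlink?(parent)
  begin
    real = File.realpath(parent)
  rescue Errno::ENOENT
    raise ArgumentError, "dangling symlink in path: #{entry_name}"
  end
  raise ArgumentError, "symlinked parent leaves destination: #{entry_name}" unless real == root || inside.(real)
  target
end

# Constructed fixture: a destination directory containing "link" -> ../outside.
def check_entries(entries)
  Dir.mktmpdir do |tmp|
    dest = File.join(tmp, "gems", "demo-1.0")
    FileUtils.mkdir_p(dest)
    FileUtils.mkdir_p(File.join(tmp, "outside"))
    File.symlink(File.join(tmp, "outside"), File.join(dest, "link"))
    entries.map do |name|
      verdict = begin
        safe_extract_path(name, dest)
        :ok
      rescue ArgumentError => e
        e.message
      end
      [name, verdict]
    end.to_h
  end
end

SAMPLE_ENTRIES = ["lib/demo.rb", "../../outside.rb", "/tmp/abs.rb", "link/evil.rb", "lib/../link"].freeze
check_entries(SAMPLE_ENTRIES).each { |name, verdict| puts "#{name.ljust(18)} #{verdict}" }
```

Only `lib/demo.rb` is accepted; `link/evil.rb` passes the lexical test and is caught only by the resolved-parent check.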
Remediation
Install update from vendor's website.