Debian update for ruby2.3



Published: 2018-08-01
Risk High
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2017-17405
CVE-2017-17742
CVE-2017-17790
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-1000079
CWE-ID CWE-77
CWE-113
CWE-22
CWE-400
CWE-200
CWE-626
CWE-502
CWE-835
CWE-347
CWE-20
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Debian Linux
Operating systems & Components / Operating system

Vendor Debian

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Command injection

EUVDB-ID: #VU9718

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-17405

CWE-ID: CWE-77 - Command injection

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The weakness exists due to flaws in the Net::FTP. A remote attacker can inject and execute arbitrary commands with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) HTTP response splitting

EUVDB-ID: #VU11537

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17742

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP response splitting attack.

The weakness exists due to improper handling of HTTP requests. If a script accepts an external input and outputs it without modification as a part of HTTP responses, a remote attacker can use newline characters to trick the victim that the HTTP response header is stopped at there and inject fake HTTP responses after the newline characters to show malicious contents to the victim.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Command injection

EUVDB-ID: #VU10848

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17790

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary command on the target system.

The weakness exists in the lazy_initialize function due to command injection. A remote attacker can send a specially crafted request, inject and execute arbitrary commands.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Path traversal

EUVDB-ID: #VU11538

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6914

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the Dir.mktmpdir method in the tmpdir library due to path traversal. A remote attacker can create a directory or a file at any directory in the prefix argument.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Resource exhaustion

EUVDB-ID: #VU11539

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8777

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists a large request in WEBrick. A remote attacker can send a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause the service to crash.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Buffer under-read

EUVDB-ID: #VU11540

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8778

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the String#unpack method due to buffer under-read. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Poison null byte

EUVDB-ID: #VU11541

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8779

CWE-ID: CWE-626 - Null Byte Interaction Error (Poison Null Byte)

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in the UNIXServer.open and UNIXSocket.open methods due to improper checking of null characters. A remote attacker can accept the socket file in the unintentional path.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Path traversal

EUVDB-ID: #VU11542

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8780

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Dir.open, Dir.new, Dir.entries and Dir.empty? methods due to improper checking of NULL characters. A remote attacker can trigger the unintentional directory traversal.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Path traversal

EUVDB-ID: #VU11647

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000073

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the install_location function of package.rb due to path traversal when writing to a symlinked basedir outside of the root. A remote attacker can gain access to potentially sensitive information.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Desereliazation of untrusted data

EUVDB-ID: #VU11650

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000074

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in owner command due to desereliazation of untrusted data. A remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Infinite loop

EUVDB-ID: #VU11649

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000075

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in ruby gem package tar header due to infinite loop. A remote attacker can cause the service to crash.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper verification of cryptographic signature

EUVDB-ID: #VU11648

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000076

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to write arbitrary files on the target system.

The weakness exists in package.rb due to improper verification of cryptographic signature. A remote attacker can install mis-signed gem, as the tarball would contain multiple gem signatures.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU11628

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000077

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.

The weakness exists due to improper URL validation of the specification homepage attribute. A remote attacker can trick the victim into installing a malicious RubyGems gem and set an invalid homepage URL.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Cross-site scripting

EUVDB-ID: #VU11651

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000078

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Path traversal

EUVDB-ID: #VU11615

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000079

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to modify file locations on the target system.

The weakness exists due to the improper handling of pathnames when the affected software installs new components. A remote attacker can persuade the victim into install a malicious RubyGems gem and use directory traversal techniques to write to arbitrary file locations.

Mitigation

Update the affected package to version: 2.3.3-1+deb9u3

Vulnerable software versions

Debian Linux: All versions

External links

http://www.debian.org/security/2018/dsa-4259


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###