#VU15724 Security restrictions bypass in Ruby


Published: 2018-11-06

Vulnerability identifier: #VU15724

Vulnerability risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16395

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ruby
Universal components / Libraries / Scripting languages

Vendor: Ruby

Description
The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in OpenSSL::X509::Name due to the equality check is not correct if the value of an entity of the argument (right-hand side) starts with the value of the receiver (left-hand side). A remote attacker can supply malicious X.509 certificate to be passed and bypass security restrictions to conduct further attacks.

Mitigation
The vulnerability has been fixed in the versions 2.3.8, 2.4.5, 2.5.2.

Vulnerable software versions

Ruby: 2.2.3 - 2.6.0-preview2

External links
http://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctl...

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Security restrictions bypass in Dell EMC Avamar
Multiple vulnerabilities in Dell Storage Monitoring and Reporting (SMR)
SUSE update for ruby
Multiple vulnerabilities in Dell EMC Data Protection Search
Multiple vulnerabilities in Dell EMC Integrated Data Protection Appliance
Multiple vulnerabilities in Oracle Communications Interactive Session Recorder
Red Hat update for ruby
Red Hat update for ruby
OpenSUSE Linux update for ruby-bundled-gems-rpmhelper, ruby2.5
Amazon Linux AMI update for ruby23